Supported Cloud Providers and Resource Types
CloudYali's Unified Asset Inventory covers five cloud providers with comprehensive resource type coverage. This page documents the resource types, discovery mechanisms, and capabilities available for each provider.
Provider Comparison
| Capability | AWS | GCP | Azure | Fastly | Anthropic |
|---|---|---|---|---|---|
| Resource types | 270+ | 100+ | All via Resource Graph | CDN services | 5 types |
| Tag/label support | Yes | Yes (labels) | Yes | No | No |
| Change history | Full history | 35-day window | Full history + who/how | No | No |
| Cost per resource | Yes | Yes | Yes | Yes | Yes |
| Multi-account | Yes | Yes (multi-project) | Yes (multi-subscription) | Yes | Yes (multi-org) |
| Deletion tracking | Yes | Yes | Yes | Yes | Yes |
Amazon Web Services (AWS)
CloudYali discovers 270+ AWS resource types across all enabled regions and connected accounts using CloudTrail and AWS Config snapshots.
How AWS Discovery Works
- Resources are discovered through periodic snapshot scans across all connected AWS accounts
- Configuration changes are tracked by comparing checksums between scans
- When a resource disappears between scans, it is marked as deleted
- Tags are captured as key-value pairs for filtering and governance
AWS Resource Categories
| Category | Examples | Approx. Count |
|---|---|---|
| Compute | EC2 Instances, Auto Scaling Groups, Launch Templates, AMIs | 30+ |
| Networking | VPCs, Subnets, Security Groups, NAT Gateways, Transit Gateways, Load Balancers (ELB/ALB/NLB) | 40+ |
| Storage | S3 Buckets, EBS Volumes, EBS Snapshots, EFS File Systems, Glacier Vaults | 15+ |
| Databases | RDS Instances/Clusters, DynamoDB Tables, ElastiCache Clusters, Neptune, Redshift | 40+ |
| Serverless | Lambda Functions, API Gateway APIs/Stages, Step Functions, EventBridge Rules | 25+ |
| Containers | ECS Clusters/Services/Tasks, ECR Repositories | 5+ |
| Security & Identity | IAM Users/Roles/Policies/Groups, KMS Keys, Secrets Manager, WAF Rules, Access Analyzer | 30+ |
| Monitoring & Management | CloudWatch Dashboards/Log Groups/Alarms, SNS Topics, SQS Queues, SSM Parameters | 20+ |
| DNS & Content Delivery | Route 53 Hosted Zones/Health Checks, CloudFront Distributions | 10+ |
| Analytics & Data | Kinesis Streams, Athena, Glue Databases/Crawlers, Redshift Spectrum | 15+ |
| Other | Cognito User Pools, Directory Service, Inspector, Macie, Backup Vaults | 40+ |
For the complete list of all 270+ supported types, see AWS Supported Resource Types.
AWS Permissions
See AWS IAM Roles and Policies for the permissions required for inventory discovery.
Google Cloud Platform (GCP)
CloudYali discovers 100+ GCP resource types using the Cloud Asset Inventory API, providing organization-wide visibility across all projects.
How GCP Discovery Works
- Resources are discovered via the Cloud Asset Inventory API at the organization level
- All resource types supported by the CAI API are automatically included
- Labels (GCP's equivalent of tags) are captured for filtering
- The CAI API provides a 35-day rolling window for configuration history snapshots
- On the first sync, CloudYali retrieves the full 35-day history; subsequent syncs fetch incremental changes
GCP Resource Categories
| Category | Examples |
|---|---|
| Compute | VM Instances, Instance Templates, Instance Groups, Managed Instance Groups, Disks, Snapshots, Images |
| Networking | VPC Networks, Subnets, Firewall Rules, Cloud NAT, Load Balancers, VPN Gateways, Cloud Router |
| Storage | Cloud Storage Buckets, Filestore Instances |
| Databases | Cloud SQL Instances, Cloud Spanner Instances, Bigtable Instances/Clusters, Firestore Databases |
| Big Data | BigQuery Datasets and Tables, Dataflow Jobs, Pub/Sub Topics and Subscriptions |
| Containers | GKE Clusters, Cloud Run Services and Revisions |
| Security | Service Accounts, IAM Policies, Secret Manager Secrets, KMS Keys |
| Monitoring | Cloud Monitoring Dashboards, Alert Policies, Uptime Checks |
GCP Permissions
| Permission | Role |
|---|---|
cloudasset.assets.listResource | roles/cloudasset.viewer |
cloudasset.assets.searchAllResources | roles/cloudasset.viewer |
See GCP Permissions for the complete reference.
GCP Resource Inventory is automatically enabled when you complete the GCP Onboarding Guide. The onboarding process includes the Cloud Asset API, Cloud Asset Viewer role, and Browser role.
If you completed GCP onboarding before this feature was available, follow the GCP Onboarding Guide to add the missing Browser role and enable the Cloud Asset API.
Microsoft Azure
CloudYali discovers all Azure resource types available through Azure Resource Graph, covering every connected subscription.
How Azure Discovery Works
- Resources are discovered via Azure Resource Graph queries across all connected subscriptions
- Change tracking is native to Azure and includes metadata about who made the change and how
- Deletion is detected when resources are no longer returned by the graph query
- Change history is stored efficiently using diff-only records (storing only what changed, not full snapshots)
- Supports all Azure account types: Pay-as-You-Go (PAYG), Microsoft Customer Agreement (MCA), and Enterprise Agreement (EA)
Azure Resource Categories
| Category | Examples |
|---|---|
| Compute | Virtual Machines, VM Scale Sets, Availability Sets, App Services |
| Networking | Virtual Networks, Subnets, Network Security Groups, Network Interfaces, Load Balancers, Application Gateways, VPN Gateways |
| Storage | Storage Accounts, Blob Containers, Managed Disks, File Shares |
| Databases | Azure SQL Database, Cosmos DB, Azure Database for PostgreSQL, Azure Database for MySQL |
| Containers | AKS Clusters, Container Registries, Container Instances |
| Web | App Services, Function Apps, API Management, Front Door |
| Security | Key Vaults, Managed Identities |
| Monitoring | Log Analytics Workspaces, Application Insights, Azure Monitor |
Azure Permissions
See Azure Permissions for Service Principal setup and required roles.
Fastly
CloudYali tracks Fastly CDN services, providing visibility into your content delivery infrastructure.
Fastly Resource Types
| Resource Type | Description |
|---|---|
fastly_service | CDN service configuration — includes both VCL (Varnish Configuration Language) and Compute@Edge service types |
What's Tracked
- Service name, ID, and type (VCL or Compute@Edge)
- Active version number
- Creation and deletion timestamps
- Service metadata and comments
Fastly Limitations
- No change history — Only the current service configuration is available
- No tags — Fastly services do not support tags or labels
- No region data — Fastly services are globally distributed; the region field is empty
Anthropic
CloudYali tracks Anthropic organizational resources, providing visibility into organizations, workspaces, users, and API key management.
Anthropic Resource Types
| Resource Type | Description |
|---|---|
anthropic_organization | Top-level organization entity |
anthropic_workspace | Workspace within an organization (container for API keys and users) |
anthropic_api_key | API key with name, hint, status, and associated workspace |
anthropic_user | User account with email, name, and role |
anthropic_workspace_member | Workspace membership linking a user to a workspace with a role |
What's Tracked
- Organization and workspace hierarchy
- API key lifecycle (creation, status changes, deletion)
- User access and workspace membership changes
- Role assignments at organization and workspace levels
Anthropic Limitations
- No change history — Only the current state is available
- No tags — Anthropic resources do not support tags
- No region data — Anthropic resources are not region-specific
For onboarding setup, see Anthropic Onboarding Guide.
Related Documentation
- Unified Asset Inventory Overview — Main inventory guide
- Configuration Change History — Compare resource configurations over time
- Filtering and Tag Search — Find resources by type, tag, region, and more
- Onboarding Cloud Accounts — Connect your cloud accounts to CloudYali