1. Help & Support
  2. Automation & Remediation

Predefined Automations in Hyperglance

See a complete list of the automation 'actions' that are included in the latest version of Hyperglance

What is an Automation?

In Hyperglance, an automation is the combination of a rule and a resulting action. If an automation fixes a problem/issue, the automation can also be referred to as a remediation.

Hyperglance ships with over 50 automations ready to use "out of the box".

Hyperglance also ships with hundreds of predefined rules. These rules monitor your cloud environments using a customizable set of parameters. If your rule runs (manually or automatically) and finds one or more resources that meet your criteria, then it can trigger notifications and actions... or nothing, if you prefer!

Actions are contextual, too. This prevents you from accidentally creating impossible automations, e.g. you can't use the 'Attach an IAM role' action if IAM users aren't the subject of the rule in the first place.

If you can't find a predefined automation that does exactly what you need, you can also add your own automations.

Hyperglance Predefined Automations

Our automation library is constantly growing, with Azure support coming in 2022.

Here is the current list of pre-defined automations (grouped by resource type) that are included with the latest version of Hyperglance.

The automations are grouped by the type of resource they can apply to, and are listed in this format:

Automation Name Automation Description

AMI

Add Tag Adds a tag to a resource
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

AMI Image

Set AMI to Private Sets and AMI to Private if it is currently Public

Application Load Balancer

Delete Load Balancer Destroys ALB/NLB Elastic Load Balancer (v2)

Aurora DB Cluster

Delete Aurora Cluster Deletes an Aurora DB Cluster

Dynamo DB Table

Delete Dynamo DB Table Deletes a specified Dynamo DB Table

EBS Snapshot

Add Tag Adds a tag to a resource
Delete EBS Snapshot Deletes a specified EBS Snapshot
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

EBS Volume

Add Tag Adds a tag to a resource
Delete EBS Volume Deletes a specified EBS Volume - Must not be attached to a spot request instance
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

EC2 Instance

Add Tag Adds a tag to a resource
Attach IAM Role Attaches an IAM role to an Instance
Delete EC2 Key Pair Deletes a specified EC2 Key Pair
Detach IAM Role Detaches a specified role from an EC2 Instance
Quarantine EC2 Instance Quarantines an EC2 Instance by attaching it to a Security group with no Ingress or Egress rules
Release Elastic IP Releases an Elastic IP from associated EC2 Instance
Remove Tag Removes a tag from a resource
Snapshot Instance Snapshots attached EBS Volumes
Start Instance Immediately Starts an EC2 Instance
Stop Instance Immediately Stops an EC2 Instance
Terminate Instance Terminates an EC2 Instance
Update Tag Replaces a tag's key but keeps its value

EC2 Snapshot

Update Tag Replaces a tag's key but keeps its value

ECS Cluster

Stop ECS Cluster Stops ECS Cluster

IAM Policy

Delete Default Policy Version Deletes the default policy version, and sets latest version as active

IAM User

Attach policy to User Attaches an existing policy to an IAM User
Deactivate Keys Deactivates Unused Access Keys
Delete Access Keys Deletes IAM Access Keys
Detach User from Group Detaches an IAM User from a specified User Group
Disable Console Access Disables a users console access, but leaves programmatic access intact
Force Password Change Forces an IAM User to change their password on next login
Quarantine User Attaches a DENY ALL policy to the user
Revoke Access Key Revokes IAM User Access Keys

Internet Gateway

Add Tag Adds a tag to a resource
Delete Internet Gateway Deletes a specified Internet Gateway
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

Lambda Function

Disable Lambda Disables a Lambda from Executing
Remove Layers Removes Layers from a Lambda Function.

NAT Gateway

Remove Layers Removes Layers from a Lambda Function.
Delete NAT Gateway Deletes a specified NAT Gateway

Network ACL

Add Tag Adds a tag to a resource
Delete ACL Deletes an Access Control List
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

Network Interface

Add Tag Adds a tag to a resource
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

Network Load Balancer

Delete Load Balancer Destroys ALB/NLB Elastic Load Balancer (v2)

Placement Group

Update Tag Replaces a tag's key but keeps its value

RDS DB Instance

Delete RDS DB Instance Deletes an RDS DB Instance
Quarantine RDS Instance Quarantines and RDS Instance by applying a DENY ALL Security Group

Redshift Cluster

Delete Redshift Cluster Deletes a Redshift Cluster

Region

Enable KMS Rotation Enables rotations of KMS Keys

Route Table

Add Tag Adds a tag to a resource
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

S3 Bucket

Block S3 Public Access Blocks all public access to an S3 Bucket
Clear an S3 Bucket Removes the contents of an S3 bucket
Delete S3 ACLs Deletes S3 Bucket Access Control Lists
Delete S3 Permissions Deletes all ACLs and Bucket Policies from an S3 bucket
Enable Access Logging Enables Access Logging for S3 Buckets
Enable S3 Encryption Enables AES265 Encryption on S3 Bucket Objects
Enable S3 Versioning Enables Object Versioning
S3 Enforce SSL Enforces SSL for object access

Security Group

Add Tag Adds a tag to a resource
Delete Rules Removes all Egress and Ingress rules from a Security Group
Delete Security Group Deletes a specified Security Group
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

SNS Topic

Add Tag Adds a tag to a resource
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

SQS Queue

Add Tag Adds a tag to a resource
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

Subnet

Add Tag Adds a tag to a resource
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

VPC

Add Tag Adds a tag to a resource
Isolate VPC Isolates an Entire VPC by applying a Deny ALL Network ACL and attaching a Deny All IAM Policy to all users
Remove Tag Removes a tag from a resource
Update Tag Replaces a tag's key but keeps its value

Workspace

Start Workspace Starts a Workspace
Stop Workspace Stops a Workspace
Terminate Workspace Terminates a Running Workspace

Automation Details (JSON)

{
"automations": [
{
"name": "ec2_delete_internet_gateway",
"displayName": "Delete Internet Gateway",
"description": "Deletes a specified Internet Gateway",
"resourceTypes": [
"Internet Gateway"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:DeleteInternetGateway"
]
},
{
"name": "iam_quarantine_user",
"displayName": "Quarantine User",
"description": "Attaches a DENY ALL policy to the user",
"resourceTypes": [
"IAM User"
],
"params": [],
"permissions": [
"iam:CreatePolicy",
"iam:AttachUserPolicy"
]
},
{
"name": "ec2_detach_role",
"displayName": "Detach IAM Role",
"description": "Detaches a specified role from an EC2 Instance",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "Role",
"type": "string",
"default": " "
}
],
"permissions": [
"iam:ListInstanceProfilesForRole",
"iam:RemoveRoleFromInstanceProfile"
]
},
{
"name": "ec2_attach_role",
"displayName": "Attach IAM Role",
"description": "Attaches and IAM role to an Instance",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "Role",
"type": "string",
"default": " "
}
],
"permissions": [
"ec2:AssociateIamInstanceProfile",
"iam:GetRole",
"iam:CreateInstanceProfile",
"iam:PassRole",
"iam:AddRoleToInstanceProfile",
"iam:GetInstanceProfile",
"iam:ListInstanceProfilesForRole"
]
},
{
"name": "ec2_release_eips",
"displayName": "Release Elastic IP",
"description": "Releases and Elastic IP from associated EC2 Instance",
"resourceTypes": [
"EC2 Instance"
],
"params": [],
"permissions": [
"ec2:DescribeAddresses",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress"
]
},
{
"name": "s3_clear_bucket",
"displayName": "Clear an S3 Bucket",
"description": "Removes the contents of an S3 bucket",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:ListBucket"
]
},
{
"name": "iam_user_attach_policy",
"displayName": "Attach policy to User",
"description": "Attaches an existing policy to an IAM User.",
"resourceTypes": [
"IAM User"
],
"params": [
{
"name": "Policy",
"type": "string",
"default": ""
}
],
"permissions": [
"iam:AttachUserPolicy",
"iam:ListPolicies"
]
},
{
"name": "ebs_delete_volume",
"displayName": "Delete EBS Volume",
"description": "Deletes a specified EBS Volume - Must not be attached to a spot request instance",
"resourceTypes": [
"EBS Volume"
],
"params": [],
"permissions": [
"ec2:DeleteVolume",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:StopInstances",
"ec2:DescribeInstances"
]
},
{
"name": "ec2_quarantine_instance",
"displayName": "Quarantine EC2 Instance",
"description": "Quarantines and EC2 Instance by attaching it to a Security group with no Ingress or Egress rules",
"resourceTypes": [
"EC2 Instance"
],
"params": [],
"permissions": [
"ec2:DescribeSecurityGroups",
"ec2:CreateSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:ModifyInstanceAttribute"
]
},
{
"name": "ec2_delete_security_group",
"displayName": "Delete Security Group",
"description": "Deletes a specified Security Group",
"resourceTypes": [
"Security Group"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:DeleteSecurityGroup"
]
},
{
"name": "iam_delete_default_policy_version",
"displayName": "Delete Default Policy Version",
"description": "Deletes the default policy version, and sets latest version as active",
"resourceTypes": [
"IAM Policy"
],
"params": [],
"permissions": [
"iam:ListPolicyVersions",
"iam:GetPolicy",
"iam:SetDefaultPolicyVersion",
"iam:DeletePolicyVersion"
]
},
{
"name": "update_tag",
"displayName": "Update Tag",
"description": "Replaces a tags key but keeps its value",
"resourceTypes": [
"Security Group",
"EC2 Instance",
"AMI",
"Internet Gateway",
"Network Acl",
"Network Interface",
"Placement Group",
"Route Table",
"EC2 Snapshot",
"Subnet",
"EBS Snapshot",
"EBS Volume",
"VPC",
"SNS Topic",
"SQS Queue"
],
"params": [
{
"name": "New Key",
"type": "string",
"default": ""
}
],
"permissions": [
"ec2:CreateTags",
"sns:TagResource",
"sqs:TagQueue",
"ec2:DeleteTags",
"sns:UntagResource",
"sqs:UntagQueue"
]
},
{
"name": "s3_block_public_access",
"displayName": "Block S3 Public Access",
"description": "Blocks all public access to S3 Bucket",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:PutBucketPublicAccessBlock"
]
},
{
"name": "s3_enable_encryption",
"displayName": "Enable S3 Encryption",
"description": "Enables AES265 Encryption on S3 Bucket Objects",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:PutEncryptionConfiguration"
]
},
{
"name": "rds_quarantine_instance",
"displayName": "Quarantine RDS Instance",
"description": "Quarantines and RDS Instance by applying a DENY ALL Security Group",
"resourceTypes": [
"RDS DB Instance"
],
"params": [],
"permissions": [
"ec2:DescribeSecurityGroups",
"ec2:CreateSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"rds:ModifyDBInstance",
"rds:StopDBInstance"
]
},
{
"name": "elb_delete_load_balancer",
"displayName": "Delete Load Balancer",
"description": "Destroys ALB/NLB Elastic Load Balancer (v2)",
"resourceTypes": [
"Application Load Balancer",
"Network Load Balancer"
],
"params": [],
"permissions": [
"elasticloadbalancing:DeleteLoadBalancer"
]
},
{
"name": "ec2_start_instance",
"displayName": "Start Instance",
"description": "Immediately Starts an EC2 Instance",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:StartInstances"
]
},
{
"name": "vpc_isolate",
"displayName": "Isolate VPC",
"description": "Isolates an Entire VPC by applying a Deny ALL Network ACL and attaching a Deny All IAM Policy to all users",
"resourceTypes": [
"VPC"
],
"params": [],
"permissions": [
"ec2:ModifyVpcAttribute",
"iam:CreatePolicy",
"ec2:DescribeNetworkAcls",
"ec2:CreateNetworkAcl",
"ec2:ReplaceNetworkAclAssociation",
"iam:ListUsers"
]
},
{
"name": "ec2_stop_instance",
"displayName": "Stop Instance",
"description": "Immediately Stops an EC2 Instance",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:StopInstances"
]
},
{
"name": "ami_set_private",
"displayName": "Set AMI to Private",
"description": "Sets and AMI to Private if it is currently Public",
"resourceTypes": [
"AMI Image"
],
"params": [],
"permissions": [
"ec2:ModifyImageAttribute"
]
},
{
"name": "iam_delete_access_key",
"displayName": "Delete Access Keys",
"description": "Deletes IAM Access Keys",
"resourceTypes": [
"IAM User"
],
"params": [],
"permissions": [
"iam:ListAccessKeys",
"iam:DeleteAccessKey"
]
},
{
"name": "remove_tag",
"displayName": "Remove Tag",
"description": "Removes a tag",
"resourceTypes": [
"Security Group",
"EC2 Instance",
"AMI",
"Internet Gateway",
"Network Acl",
"Network Interface",
"Route Table",
"EBS Snapshot",
"EBS VolumeSubnet",
"VPC",
"SQS Queue",
"SNS Topic"
],
"params": [
{
"name": "Key",
"type": "string",
"default": ""
}
],
"permissions": [
"ec2:DeleteTags",
"sns:UntagResource",
"sqs:UntagQueue"
]
},
{
"name": "workspaces_terminate_workspace",
"displayName": "Terminate Workspace",
"description": "Terminates a Running Workspace",
"resourceTypes": [
"Workspace"
],
"params": [],
"permissions": [
"workspaces:TerminateWorkspaces"
]
},
{
"name": "acl_delete",
"displayName": "Delete ACL",
"description": "Deletes an Access Control List",
"resourceTypes": [
"Network ACL"
],
"params": [],
"permissions": [
"ec2:DeleteNetworkAcl"
]
},
{
"name": "workspaces_stop_workspace",
"displayName": "Stop Workspace",
"description": "Stops a Workspace",
"resourceTypes": [
"Workspace"
],
"params": [],
"permissions": [
"workspaces:StopWorkspaces"
]
},
{
"name": "ec2_snapshot_instance",
"displayName": "Snapshot Instance",
"description": "Snapshots attached EBS Volumes",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:CreateSnapshots"
]
},
{
"name": "iam_disable_user_console_password",
"displayName": "Disable Console Access",
"description": "Disables a users console access, but leaves programmatic access intact",
"resourceTypes": [
"IAM User"
],
"params": [],
"permissions": [
"iam:DeleteLoginProfile"
]
},
{
"name": "lambda_detach_external_layers",
"displayName": "Remove Layers",
"description": "Removes Layers from a Lambda Function.",
"resourceTypes": [
"Lambda Function"
],
"params": [],
"permissions": [
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
]
},
{
"name": "add_tag",
"displayName": "Add Tag",
"description": "Adds a tag to a resource",
"resourceTypes": [
"Security Group",
"EC2 Instance",
"AMI",
"Internet Gateway",
"Network Acl",
"Network Interface",
"Route Table",
"EBS Snapshot",
"EBS Volume",
"Subnet",
"VPC",
"SNS Topic",
"SQS Queue"
],
"params": [
{
"name": "Key",
"type": "string",
"default": ""
},
{
"name": "Value",
"type": "string",
"default": ""
}
],
"permissions": [
"ec2:CreateTags",
"sns:TagResource",
"sqs:TagQueue",
"sqs:GetQueueUrl"
]
},
{
"name": "kms_enable_rotation",
"displayName": "Enable KMS Rotation",
"description": "Enables rotations of KMS Keys",
"resourceTypes": [
"Region"
],
"params": [
{
"name": "KMS Key Id",
"type": "string",
"default": ""
}
],
"permissions": [
"kms:EnableKeyRotation"
]
},
{
"name": "s3_allow_ssl_only",
"displayName": "S3 Enforce SSL",
"description": "Enforces SSL for object access",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:PutBucketPolicy"
]
},
{
"name": "ec2_delete_nat_gateway",
"displayName": "Delete NAT Gateway",
"description": "Deletes a specified NAT Gateway",
"resourceTypes": [
"NAT Gateway"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:DeleteNatGateway"
]
},
{
"name": "ecs_stop",
"displayName": "Stop ECS Cluster",
"description": "Stops ECS Cluster",
"resourceTypes": [
"ECS Cluster"
],
"params": [],
"permissions": [
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeTaskDefinition",
"ecs:StopTask",
"ecs:UpdateContainerInstancesState"
]
},
{
"name": "ec2_terminate_instance",
"displayName": "Terminate Instance",
"description": "Terminates EC2 Instance",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
},
{
"name": "SnapShotBeforeTerminate",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:TerminateInstances"
]
},
{
"name": "rds_terminate_instance",
"displayName": "Delete RDS DB Instance",
"description": "Deletes an RDS DB Instance",
"resourceTypes": [
"RDS DB Instance"
],
"params": [
{
"name": "SkipSnapshot",
"type": "boolean",
"default": "false"
},
{
"name": "DeleteBackups",
"type": "boolean",
"default": "false"
}
],
"permissions": [
"rds:DeleteDBInstance"
]
},
{
"name": "dynamodb_delete_table",
"displayName": "Delete Dynamo DB Table",
"description": "Deletes a specified Dynamo DB Table",
"resourceTypes": [
"DynamoDB Table"
],
"params": [],
"permissions": [
"dynamodb:DeleteTable"
]
},
{
"name": "iam_revoke_access_key",
"displayName": "Revoke Access Key",
"description": "Revokes IAM User Access Keys",
"resourceTypes": [
"IAM User"
],
"params": [],
"permissions": [
"iam:ListAccessKeys",
"iam:UpdateAccessKey"
]
},
{
"name": "s3_enable_versioning",
"displayName": "Enable S3 Versioning",
"description": "Enables Object Versioning",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:PutBucketVersioning"
]
},
{
"name": "iam_user_detach_group",
"displayName": "Detach User from Group",
"description": "Detaches a user from a specified User Group",
"resourceTypes": [
"IAM User"
],
"params": [
{
"name": "Group",
"type": "string",
"default": ""
}
],
"permissions": [
"iam:RemoveUserFromGroup"
]
},
{
"name": "sg_delete_rules",
"displayName": "Delete Rules",
"description": "Removes all Egress and Ingress rules from a Security Group",
"resourceTypes": [
"Security Group"
],
"params": [],
"permissions": [
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
]
},
{
"name": "iam_deactivate_unused_access_keys",
"displayName": "Deactivate Keys",
"description": "Deactivates Unused Access Keys",
"resourceTypes": [
"IAM User"
],
"params": [
{
"name": "MaxDaysUsed",
"type": "number",
"default": "90"
}
],
"permissions": [
"iam:ListAccessKeys",
"iam:UpdateAccessKey",
"iam:GetAccessKeyLastUsed"
]
},
{
"name": "lambda_disable",
"displayName": "Disable Lambda",
"description": "Disables a Lambda from Executing",
"resourceTypes": [
"Lambda Function"
],
"params": [],
"permissions": [
"lambda:PutFunctionConcurrency"
]
},
{
"name": "ec2_delete_key_pair",
"displayName": "Delete EC2 Key Pair",
"description": "Deletes a specified EC2 Key Pair",
"resourceTypes": [
"EC2 Instance"
],
"params": [
{
"name": "Key Name",
"type": "string"
}
],
"permissions": [
"ec2:DeleteKeyPair"
]
},
{
"name": "s3_delete_permissions",
"displayName": "Delete S3 Permissions",
"description": "Deletes all ACLs and Bucket Policies from an S3 bucket",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:DeleteBucketPolicy",
"s3:PutBucketAcl"
]
},
{
"name": "s3_enable_logging",
"displayName": "Enable Access Logging",
"description": "Enables Access Logging for S3 Buckets",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:ListBucket",
"s3:CreateBucket",
"s3:PutBucketLogging"
]
},
{
"name": "redshift_delete_cluster",
"displayName": "Delete Redshift Cluster",
"description": "Deletes a Redshift Cluster",
"resourceTypes": [
"Redshift Cluster"
],
"params": [
{
"name": "SkipSnapshot",
"type": "boolean",
"default": "false"
}
],
"permissions": [
"redshift:DeleteCluster"
]
},
{
"name": "s3_delete_acls",
"displayName": "Delete S3 ACLs",
"description": "Deletes S3 Bucket Access Control Lists",
"resourceTypes": [
"S3 Bucket"
],
"params": [],
"permissions": [
"s3:PutBucketAcl"
]
},
{
"name": "workspaces_start_workspace",
"displayName": "Start Workspace",
"description": "Starts a Workspace",
"resourceTypes": [
"Workspace"
],
"params": [],
"permissions": [
"workspaces:StartWorkspaces"
]
},
{
"name": "rds_aurora_delete_cluster",
"displayName": "Delete Aurora Cluster",
"description": "Deletes and Aurora DB Cluster",
"resourceTypes": [
"Aurora DB Cluster"
],
"params": [
{
"name": "SkipAuroraSnapshot",
"type": "boolean",
"default": "false"
}
],
"permissions": [
"rds:DeleteDBCluster",
"rds:DescribeDBClusters",
"rds:ModifyDBCluster"
]
},
{
"name": "ec2_delete_snapshot",
"displayName": "Delete EBS Snapshot",
"description": "Deletes a specified EBS Snapshot",
"resourceTypes": [
"EBS Snapshot"
],
"params": [
{
"name": "DryRun",
"type": "boolean",
"default": "true"
}
],
"permissions": [
"ec2:DeleteSnapshot"
]
},
{
"name": "iam_force_user_password_change",
"displayName": "Force Password Change",
"description": "Forces user to change their password on next login",
"resourceTypes": [
"IAM User"
],
"params": [],
"permissions": [
"iam:UpdateLoginProfile"
]
}
]
}