Resources

Last modified on November 8, 2024

Overview

The Infrastructure section of the Admin UI is where you can add, view, manage, and search all of your organization’s resources, including clouds, clusters, datasources, servers, and websites.

How to Add Resources

In the Admin UI, click Resources in the navigation menu.
Select the kind of resource you wish to add.
Click the Add button.

To prevent being locked out of critical resources during emergency “break-glass” scenarios, we recommend configuring local admin accounts on end resources.

How to Manage Resources

To get more details about, clone, edit, or delete resources, you can click the Actions button next to the resource’s name, or you can click into the resource’s name to view or modify the resource’s settings.

Clicking the Actions button for a resource displays the actions you can take on the selected resource, without having to go into the resource’s details.

Healthcheck individual resources

Healthchecks verify that StrongDM can reach the resource, and show the resource as available and healthy in the Admin UI and in the desktop app for users who have access to that resource. To initiate a healthcheck for a specific resource from the CLI, use the following command:

sdm admin resources healthcheck <RESOURCE_ID>

The placeholder <RESOURCE_ID> is the ID of your resource, or its exact name. If the name matches more than one resource, the healthcheck will fail. The command does not give a response. It will simply initiate the healthcheck to update that status within StrongDM if it needs to be updated.

Healthcheck node/resource pairs

Healthchecks can also be performed across your StrongDM network for every node/resource pair. Each gateway or relay that can reach out to a particular resource constitutes a pair. Both nodes and resources can show up in multiple pairs, because in many network arrangements nodes can connect with multiple resources, and multiple nodes can connect to any given resource. The command for listing healthchecks for all node/resource pairs is:

sdm admin healthchecks list

Running the command returns a list of results, if any match the search filters:

ResourceName       ResourceID             NodeName          NodeID                 Healthy     Error     Time
testResource01     rs-32e6c4g67392tk0     testGateway_A     n-3950j34d58489ds9     true                  2024-11-04 13:49:36.793649 +0000 UTC
testResource01     rs-32e6c4g67392tk0     testGateway_B     n-9557s22n88047gw5     false                 2024-11-04 07:22:11.568427 +0000 UTC
testResource02     rs-57d7k2o45896ad2     testGateway_A     n-3950j34d58489ds9     true                  2024-11-04 13:37:33.664810 +0000 UTC
testResource03     rs-34h3s4k35288dr9     testGateway_A     n-3950j34d58489ds9     false                 2024-11-03 19:11:16.747920 +0000 UTC

In this example, you could make the following assumptions:

testResource1 is healthy and testGateway_A is healthy, since that pair checks healthy.
testGateway_B is possibly unhealthy, because when paired with testResource01 that pair was unhealthy. Of course, they were last checked at different times, so further investigation is warranted.
testResource02 is healthy.
testResource03 is likely unhealthy, because when paired with the gateway we believe is healthy, it was not.

This command can provide a starting point to look for specific problems, which can be hard to identify if your fleet of gateways and resources often has unhealthy infrastructure in it. Now you can look at the individual entries that include the problematic resource or gateway. This list also confirms whether your networking setup is functioning as you wish it to, and that particular resources are reachable through the nodes that you intend them to be (such as when using relays in private subnets, or segmenting your network with Explicit Routing).

The returned list can be filtered, and provides more detail about routing problems. The resource is considered healthy if at least one node can reach it, but seeing the health of all of the pairs that contain that resource might help to narrow down issues with infrastructure.

Resource Search

The Search field allows you to find resources in your organization according to display name, health, resource type, authentication method, and assigned tags. You can either type into the Search field or use the filter buttons to quickly find resources by type, health status, assigned tags, and/or their secret stores. The table header displays the number of results returned by the active search and filter query.

Free-text search

You can enter any text or string, even partial strings, into the Search field. The Admin UI checks against all resource names.

Resource filters display resources according to their type (for example, MySQL is a datasource type), status (healthy or unhealthy), tags (any assigned tags), or configured secret store (StrongDM or a secrets management tool).

You can type or copy/paste the following filters into the Search field, with or without other text. Do not use quotes or tick marks.

Filter	Description	Example Search
`healthy:<TRUE\|FALSE>`	Shows all resources that are healthy (`true`) or unhealthy (`false`)	For any resource, `status:unhealthy` finds all unhealthy resources
`identityEnabled:<TRUE\|FALSE>`	Shows SSH or Kubernetes resources that use either Identity Aliases (`true`) or leased credentials (`false`) to authenticate	For cluster resources, `IdentityEnabled:false` finds all clusters that use the default leased credentials for authentication
`secretStoreId:<SECRET_STORE_ID>`	Shows resources with the specified secret store identifier; you can find identifiers next to secret store names in the Admin UI’s Settings > Credentials Management > Secret Stores section	`secretStoreId:se-1b234c56789d012e` finds all resources that store credentials in the secret store with identifier “se-1b234c56789d012e”
`tags:title=value`	Shows resources with the specified tag; supports wildcards (`*`)	`tags:env=prod` or `tags:env=pr` finds all resources with the env=prod* tag; tag values containing commas must be inside quotes (for example, `tags:region="useast,uswest"`)
`type:<RESOURCE_TYPE>`	Shows specified types of resources	If searching clusters, `type:kubernetes` finds all Kubernetes clusters

Filter buttons

Alternatively, you may narrow the search results by selecting one or more of the following filter buttons instead of typing it out:

Secret Store automatically populates filters based on secret stores selected for resources.
Status automatically populates filters based on health status.
Tags automatically populates filters based on assigned resource tags.
Type automatically populates filters based on the type of resource.

Save your favorite search and filter queries

The parameters of your search and filter queries are reflected in the page URL, allowing you to bookmark your favorite searches and filters in your web browser.

For example, when filtering datasources to find only the MySQL datasource type, the URL becomes https://app.strongdm.com/app/infrastructure/datasources?type=mysql.

Note that when filtering resources by secret store, the URL includes the secret store ID parameter instead of the secret store name (for example, https://app.strongdm.com/app/infrastructure/datasources?secretStoreId=se-1b234c56789d012e).

You can find resources and information about the following StrongDM topics in this section:

Resources

Overview #

How to Add Resources #

How to Manage Resources #

Healthcheck individual resources #

Healthcheck node/resource pairs #

Resource Search #

Free-text search #

Resource search filters #

Filter buttons #

Save your favorite search and filter queries #