Available in VPC
Cloud Advisor is a NAVER Cloud Platform service that automatically checks the resources used on the NAVER Cloud Platform in terms of security, cost, and high availability. The Cloud Advisor service provides APIs for check-related features in RESTful form.
Common Cloud Advisor settings
The following describes commonly used request and response formats in Cloud Advisor APIs.
Request
The following describes the common request format.
API URL
The request API URL is as follows:
https://cloud-advisor.apigw.ntruss.com
Request headers
The following describes the request headers.
| Field | Required | Description |
|---|---|---|
x-ncp-apigw-timestamp |
Required | This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC.
|
x-ncp-iam-access-key |
Required | Access key issued on NAVER Cloud Platform
|
x-ncp-apigw-signature-v2 |
Required | Base64-encoded signature that encrypts the request information with a secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC encryption algorithm (HmacSHA256)
|
x-ncp-lang |
Optional | Multilingual handling of response data
|
Note
See the following when calling the API.
- A 404 error will occur if you request an inspection item (
itemCode) that does not belong to an inspection category (categoryCode). - When calling the Cloud Advisor API from a sub account, only information for which the sub account has permission will be returned in the response results.
Response
The following describes the common response format.
Response example
The response example is as follows:
Succeeded
The following is a sample response upon a successful call.
{
"result": "SUCCESS",
"contents": [
{
"categoryCode": "SECURITY",
"categoryName": "Security"
},
{
"categoryCode": "COST",
"categoryName": "Expense and high utilization"
}
]
}
Failure
The following is a sample response upon a failed call.
{
"result": "FAIL"
"error": {
"errorCode": "API_CHECKITEM_NOT_FOUND",
"message": "The inspection item does not exist. (API_CHECKITEM_NOT_FOUND); field error"
}
}
Response status codes
The following describes the response status codes.
| HTTP status code | Code | Message | Description |
|---|---|---|---|
| 200 | - | OK | Request processing successful |
| 400 | - | MISSING_REQUIRED_PARAM_ERROR | Missing required parameters. |
| 400 | - | INVALID_PARAM_VALUE_ERROR | Invalid parameter. |
| 401 | - | NO_AUTHENTICATION_INFORMATION | Request authentication failed. |
| 403 | - | SUBACCOUNT_PERMISSION_DENIED | The sub account does not have permission for this feature. |
| 404 | - | CATEGORY_NOT_FOUND | The inspection category doesn't exist. |
| 404 | - | CHECKITEM_NOT_FOUND | The inspection item doesn't exist. |
| 500 | - | API_UNKNOWN_SERVER_ERROR | Unknown error. |
Note
For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.
Cloud Advisor checklist
The following describes the inspection items provided by the Cloud Advisor service for each inspection category.
Inspection category
The following describes inspection categories.
| Inspection category code | Description |
|---|---|
| SECURITY | Security category |
| COST | Expense & high availability category |
Checklist
The following describes the inspection items.
| Inspection category code | Inspection item code | Checklist | Description |
|---|---|---|---|
| SECURITY | SUB_ACCOUNT_ACCESSKEY | Sub Account access key management | Check the access key lifetime of a sub account. |
| SECURITY | SUB_ACCOUNT_USE | Use Sub Account. | Check whether the sub account is being used. |
| SECURITY | SUB_ACCOUNT_PASSWORD | Sub Account password management | Check the password usage date of a sub account. |
| SECURITY | SUB_ACCOUNT_SECONDARY | Sub Account two-factor authentication settings | Check whether two-factor authentication is enabled for a sub account. |
| SECURITY | MAIN_ACCOUNT_ACCESSKEY | Main account access key management | Check the access key lifetime of the main account. |
| SECURITY | MAIN_ACCOUNT_PASSWORD | Main account password management | Check the password usage date of the main account. |
| SECURITY | MAIN_ACCOUNT_SECONDARY | Main account two-factor authentication settings | Check whether two-factor authentication is enabled for the main account. |
| SECURITY | LOAD_BALANCER_LISTENER | Load Balancer listener security management | Check whether the listener settings for recommended encrypted communication are configured for application load balancers and network proxy load balancers created in the VPC environment. |
| SECURITY | DNS_SPF | Global DNS record SPF MX inspection | If an MX record exists in the Global DNS service, check whether an SPF or TXT record corresponding to the MX record exists. |
| SECURITY | DNS_TTL | Global DNS record TTL inspection | Check if there are any Global DNS records with a TTL higher than the recommended value of 300 seconds. |
| SECURITY | DNS_AUTHORITY | Global DNS authority NS inspection | Check whether the domain registrant or DNS is using the correct Global DNS name server. |
| SECURITY | OBJECT_STORAGE_BUCKET | Object Storage bucket permissions | Check the ACL of all buckets to determine whether they are publicly accessible. |
| SECURITY | CLOUD_DB_MYSQL_PORT | Cloud DB for MySQL default port inspection | Check whether the default port (3306) of a DB server created in the Cloud DB for MySQL service is in use. |
| SECURITY | ACG_PORT | ACG port management | Check whether there are ACG rules that disclose specific ports to the entire IP range (any open). |
| SECURITY | SUB_ACCOUNT_ROLE | Sub Account service role management | Check the role usage date for the Sub Account service. |
| COST | CLOVA_OCR_UNUSED_RESOURCES | Unused Resource - CLOVA OCR | Check whether there are any CLOVA OCR domains that have not been used in the last 7 days. |
| COST | CLOVA_DUBBING_UNUSED_RESOURCES | Unused Resource - CLOVA Dubbing | Check whether there are any CLOVA Dubbing domains that have not been used in the last 7 days. |
| COST | IDLE_RESOURCE_VM | Idle Resource - Server(VPC) | Check for Servers that appear to be unused due to low usage. |
| COST | IDLE_RESOURCE_LB | Idle Resource - Load Balancer(VPC) | Check for Load Balancers that appear to be unused due to low usage. |
| COST | HIGH_UTILIZATION_VM | High Utilization - Server(VPC) | Check if there are any Servers maintaining high CPU usage. |
| COST | HIGH_UTILIZATION_MYSQL | High Utilization - Cloud DB for MySQL(VPC) | Check if there are any DB servers for the Cloud DB for MySQL service that are maintaining high CPU usage. |
| COST | HIGH_UTILIZATION_REDIS | High Utilization - Cloud DB for Redis(VPC) | Check if there are any DB servers for the Cloud DB for Redis service that are maintaining high CPU usage. |
| COST | HIGH_UTILIZATION_MSSQL | High Utilization - Cloud DB for MSSQL(VPC) | Check if there are any DB servers for the Cloud DB for MSSQL service that are maintaining high CPU usage. |
| COST | HIGH_UTILIZATION_MONGO | High Utilization - Cloud DB for MongoDB(VPC) | Check if there are any DB servers for the Cloud DB for MongoDB service that are maintaining high CPU usage. |
| COST | OBJECT_STORAGE_MULTIPART | Incomplete multipart object in Object Storage | Check for incomplete multipart objects in a bucket. |
Cloud Advisor API
The following describes the APIs provided by the Cloud Advisor service.
| API | Description |
|---|---|
| Get inspection category | Get an inspection category provided by the Cloud Advisor service. |
| Get inspection category status | Get whether inspection requests can be made for all inspection items in an inspection category. |
| Request inspection category inspection | Request inspection of all inspection items in an inspection category. |
| Get inspection category inspection result level | Get a summary of inspection results by notification level for all inspection items in an inspection category. |
| Get inspection category inspection result summary | Get a summary of inspection results by notification level for all inspection items in an inspection category. |
| Download inspection category inspection results | Download inspection results for all inspection items in an inspection category. |
| Get inspection item | Get an inspection item provided by the Cloud Advisor service. |
| Get inspection item status | Get whether inspection requests can be made for an inspection item. |
| Request inspection item inspection | Request inspection for an inspection item. |
| Get inspection item inspection result summary | Get inspection item inspection result summary. |
| Get details of inspection item inspection results | Get detailed inspection results for each instance for an inspection item. |
| Download inspection item inspection results | Download inspection results for an inspection item. |
| Set detailed inclusion for inspection results | Set instances to include when querying detailed inspection results for inspection items. |
| Set detailed exclusion for inspection results | Set instances to exclude when querying detailed inspection results for inspection items. |
| Download inspection results | Download inspection results for all inspection items in an inspection category. |
Cloud Advisor related resources
NAVER Cloud Platform provides a variety of related resources to help users better understand Cloud Advisor APIs.
- Cloud Advisor API guides
- Create signature: how to create a signature to add to the request header
- API Gateway User Guide: how to issue the API key to be added to the request header
- Sub Account User Guide: how to issue the access key to be added to the request header
- Common Ncloud response status codes: information on common response status codes of NAVER Cloud Platform used by the Cloud Advisor service
- How to use the Cloud Advisor service
- Cloud Advisor User Guide: how to use Cloud Advisor in the NAVER Cloud Platform console
- Ncloud use environment guide: guide for VPC and Classic environments and support availability
- Introduction to pricing, characteristics, and detailed features: the summary of pricing system, characteristics, and detailed features of Cloud Advisor
- Latest service news: the latest news on the Cloud Advisor service
- FAQ: frequently asked questions from the Cloud Advisor service users
- Contact us: Send direct inquiries for unresolved questions that aren't answered by the API guide