Abstract: A resource management system of a computing resource service provider performs adoptions of virtual resource instances, such as virtual machine instances and virtual data store instances that were not instantiated as members of a logical container, into logical containers that are used to manage members of the logical containers as a group. Adopting such “candidate” resources that were not generated from programmable infrastructure templates allows the resources to be managed in accordance with an infrastructure-as-code framework, alongside resources that are generated from such templates. A template for launching infrastructure instances may be modified to include an adopted resource definition describing the configuration of the adopted resource, so that management operations can be performed on the adopted resource together with the other members of the container.

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.

Abstract: A resource management system of a computing resource service provider performs adoptions of virtual resource instances, such as virtual machine instances and virtual data store instances that were not instantiated as members of a logical container, into logical containers that are used to manage members of the logical containers as a group. Adopting such “candidate” resources that were not generated from programmable infrastructure templates allows the resources to be managed in accordance with an infrastructure-as-code framework, alongside resources that are generated from such templates. A template for launching infrastructure instances may be modified to include an adopted resource definition describing the configuration of the adopted resource, so that management operations can be performed on the adopted resource together with the other members of the container.

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.