Skip to content

Operate Cloud Discovery

Discovery Operations is the backend-owned history and control surface for read-only discovery, managed-resource observations, drift, reconciliation, unsupported resources, and safe activity evidence.

Typical time
15–30 minutes
You need
A project and tested cloud account
Outcome
A scoped, evidence-backed next action

Choose the Project, Cloud account, Region, and optional Workspace. Project-level scope is distinct from a workspace-bound run.

The header actions are:

  • Start Discovery, which queues a read-only scan for the selected account and region; and
  • Refresh Managed Resources, which reloads current backend-owned operational records.

Refresh does not start a new provider scan. Start Discovery does not create, update, or delete cloud resources.

Discovery operations 1 of 9 · Screenshot placeholder

Confirm scope before an operation

Show synthetic Project, Cloud account, Region, Workspace, Start Discovery, and Refresh Managed Resources controls.

Future capture briefHide provider account IDs, tenant data, workspace IDs, resource names, and customer counts.

Metric cards open bounded details for Managed Resources, Drift Reports, Reconciliation, Unsupported Resources, and Activity & Audit.

The tables use six tabs:

  1. Discovery Runs
  2. Managed Resources
  3. Drift Reports
  4. Reconciliation
  5. Unsupported Resources
  6. Activity & Audit

Select a metric or tab to change the current read view. Use the table-level Refresh Discovery Operations action when you need the latest backend records.

Discovery operations 2 of 9 · Screenshot placeholder

Navigate current discovery evidence

Show all five metric cards, six tabs, and the table refresh control.

Future capture briefUse small synthetic counts. Hide customer status history, identifiers, and provider metadata.

Filter by search text, status, account, region, workspace, and date range. Results use backend-owned pagination; Previous and Next request another bounded page rather than filtering a complete history in the browser.

Open the run ID or choose View run details to review status, scope, safe logs, failures, unsupported results, and audit context.

The row menu also shows Download safe summary. In the current interface that action opens the run details; it does not download a file. Do not claim that a summary was exported unless a future interface returns an actual download.

Discovery operations 3 of 9 · Screenshot placeholder

Filter bounded run history

Show synthetic run filters, backend pagination, and the run row action menu.

Future capture briefHide run IDs, account labels, request IDs, actor details, timestamps, and raw logs.

The run drawer can expose:

  • Cancel for active work; completed discovery remains visible;
  • Retry failed only, which creates a linked run for eligible failed scope;
  • Archive run, which removes the run from the default list but preserves safe history and audit evidence;
  • Delete discovery run, which removes the history/results record after confirmation but never deletes cloud resources; and
  • Run full discovery again, which starts a separate full run.

The row menu uses Rerun discovery and Cancel running discovery for the same governed lifecycle. Wait for the action to finish before taking another action. A queued or accepted request is not proof that the provider scan completed.

Discovery operations 4 of 9 · Screenshot placeholder

Choose retry, cancel, archive, delete, or rerun

Show a synthetic run drawer with every current Run Actions control and its disabled reason.

Future capture briefUse safe statuses and messages. Exclude raw logs, provider payloads, queue details, account IDs, and request IDs.

Step 5: Inspect and refresh a managed resource

Section titled “Step 5: Inspect and refresh a managed resource”

The Managed Resources row menu provides:

  • View resource;
  • Open on canvas;
  • View Terraform mapping;
  • Refresh resource; and
  • View drift.

Refresh queues or performs a sanitized provider observation for that binding. Review the updated sync state and timestamp. It does not import a resource into Terraform, change the canvas, or repair drift automatically.

When Governed detach is available, provide a reason and confirm Create detach request. Detach prepares a governed Terraform handoff; it does not silently delete the provider resource.

Discovery operations 5 of 9 · Screenshot placeholder

Inspect a managed-resource binding

Show the managed-resource row actions, sanitized detail, and an optional governed detach request.

Future capture briefMask provider resource IDs, Terraform addresses, canvas IDs, state values, and customer metadata.

Open Drift Reports and choose:

  • Review drift to compare sanitized desired and observed values;
  • Accept cloud change to prepare a reconciliation proposal;
  • Ignore with reason to record an explicit bounded decision; or
  • Open on canvas to inspect design context.

Accepting drift is not an apply. It prepares reviewable reconciliation evidence. Ignoring drift does not erase the observation or its audit history.

Discovery operations 6 of 9 · Screenshot placeholder

Make a recorded drift decision

Show a synthetic field-level diff and the current drift actions.

Future capture briefUse harmless example values. Hide resource IDs, actors, customer configuration, raw state, and provider data.

The Reconciliation row menu exposes Open proposal, Review diff, and Accept cloud change. A proposal also shows that validation, plan, policy, cost review, and approval are required before apply.

Open Terraform revision is currently disabled in this table. Do not describe it as available or use reconciliation status as cloud-change proof.

Discovery operations 7 of 9 · Screenshot placeholder

Review the reconciliation handoff

Show one synthetic proposal with validation, plan, policy, cost, approval, and disabled Terraform-revision state.

Future capture briefHide plan output, revision IDs, approvers, cost data, resource identifiers, and provider targets.

Step 8: Review unsupported resources honestly

Section titled “Step 8: Review unsupported resources honestly”

Unsupported resources remain report-only. Use View details to understand the current support reason. Request support currently opens the same bounded detail rather than submitting an external request, and Hide from this view is disabled.

Do not represent an unsupported resource as managed, mapped, validated, or covered by generated Terraform.

Discovery operations 8 of 9 · Screenshot placeholder

Keep unsupported resources report-only

Show the unsupported-resource action menu with its current available and disabled actions.

Future capture briefUse fabricated resource types and identifiers. Hide provider inventory, customer names, and raw support payloads.

Activity & Audit lists safe action, resource, result, time, actor, and request context. Choose View safe details for bounded metadata.

Use audit evidence to explain who requested an action and what the backend recorded. It does not replace provider evidence or prove a queued operation completed successfully.

Discovery operations 9 of 9 · Screenshot placeholder

Review bounded discovery activity

Show synthetic Activity & Audit rows and a safe detail drawer.

Future capture briefReplace actors and identifiers. Hide emails, request IDs, provider payloads, raw errors, credentials, and customer data.

Confirm the project/account/region/workspace scope, latest backend status, requested action, resulting linked run or proposal, and safe audit record. Keep queued, completed, reconciled, approved, and applied states distinct.

The run must contain retryable failed scope. Open failures and confirm that the account, region, and permissions are still approved before retrying.

Active runs must be cancelled and reach a terminal state first. Deleting history never deletes cloud resources or managed-resource bindings.

Review connection health, allowed region/service scope, resource binding, and the safe error. Do not broaden provider access without a reviewed need.

Treat the disabled state as the current product boundary. Review its reason and do not document or report the action as successfully available.

Use Manage resources and drift for the full reconciliation decision path, then use Review plans safely before any apply.