Using Steampipe Relationship Graphs to Navigate Cloud Resources on Amazon Web Services

by Tom Callaway and Bob Tordella

Relationship graphs in Steampipe are visualizations that give quick context on your cloud environments and highlight important information about your resources.

In our last posts we showed how the open source Steampipe tool can be used to query Amazon Web Services with SQL through the Steampipe Amazon Web Services plugin. You can also use Steampipe to run compliance benchmarks with the Steampipe Amazon Web Services Compliance mod and leverage dashboards-as-code with the Amazon Web Services Insights mod to gain insights on your Amazon Web Services inventory across regions and accounts.

In today’s post we’ll show you how you can navigate between resources using the new relationship graph capabilities added to Steampipe Amazon Web Services Insights dashboards. These new graphs help:

  • Understand relationships and dependencies at a glance: What services log to this Amazon Simple Storage Service (Amazon S3) bucket? What instances are targeted by this load balancer? What Identity and Access Management (IAM) role is used by this Lambda function? Does this Amazon Virtual Private Cloud (Amazon VPC) use peering?
  • Review architecture and topology: What is the network structure of this VPC? Is this application balanced across availability zones? Is my Amazon Relational Database Service (Amazon RDS) instance in the database subnet?
  • Identity and permissions: What users are in this group? What resources use this IAM role? What permissions are granted by this principal?

To get started and to see your own Amazon Web Services accounts in these dashboards, here are the prerequisites:

  • Install Steampipe
  • Install/configure the Amazon Web Services plugin

Here’s the setup:

git clone https://github.com/turbot/steampipe-mod-aws-insights.git
cd steampipe-mod-aws-insights
steampipe dashboard

Now visit localhost:9194 in your browser to view and interact with the dashboards, as shown here.

Steampipe dashboard

Let’s take a closer look at some dashboard examples of how Steampipe relationship graphs can help you navigate and manage your Amazon Web Services infrastructure across accounts.

VPC Dashboard

We can start with the VPC Detailed Report. In this environment, we see the four subnets and the availability zones. For example, in the public_1 subnet, we find an Amazon Elastic Compute Cloud (Amazon EC2) Instance and its associated network interface. You can also navigate the Security Groups created in this VPC.

VPC dashboard

Amazon EC2 Instance

We can click on the WordPress instance to see more details about it. Here we see the WordPress instance has a disk and a network interface. In addition, we can see the instance role. The SSH keys are often a way to see who created a machine.

WordPress instance on EC2

IAM Role

The IAM Role allows us to see what permissions the WordPress instance has. The instance has the AmazonSSMManagedInstanceCore role.

Additionally, both the Amazon EC2 and the Amazon Web Services Lambda services can assume this IAM role, as shown in the diagram. Because this role is for Amazon EC2, the fact that Lambda can also assume it is something a DevOps engineer should investigate.

IAM user
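The same finding can be checked across every role at once with a Steampipe query. The following is an added example, not part of the original post or the Insights mod; it assumes the Steampipe Amazon Web Services plugin's aws_iam_role table and its normalized assume_role_policy_std column, and can be run with steampipe query.

```sql
-- Added example: roles whose trust policy lets Amazon EC2 and at least one
-- other AWS service assume them (the EC2 + Lambda case shown in the graph).
-- assume_role_policy_std is the plugin's normalized copy of the trust policy,
-- in which principals are always arrays.
with trusted_services as (
  select
    r.account_id,
    r.name,
    r.arn,
    svc as service
  from
    aws_iam_role as r,
    jsonb_array_elements(r.assume_role_policy_std -> 'Statement') as stmt,
    -- Statements without a Service principal yield no rows here.
    jsonb_array_elements_text(stmt -> 'Principal' -> 'Service') as svc
  where
    stmt ->> 'Effect' = 'Allow'
)
select
  account_id,
  name,
  arn,
  array_agg(distinct service order by service) as trusted_by
from
  trusted_services
group by
  account_id,
  name,
  arn
having
  -- The role trusts EC2 and is also assumable by some other service.
  bool_or(service = 'ec2.amazonaws.com')
  and count(distinct service) > 1
order by
  account_id,
  name;
```

Each row returned is a role to review: either narrow the trust policy to the one service that needs it, or split it into separate roles per service.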

User Detail

The IAM User Detail dashboard shows the relationship between a user, their access keys, and the attached policies. For example, this diagram shows what the Steampipe Cloud IAM user looks like. The spc user has an access key and has the ReadOnlyAccess and ViewOnlyAccess policies attached.

IAM user details dashboard

Uncover hidden details in your Amazon Web Services footprint

These graphs work hand-in-hand with their dashboards’ infocards, charts, and tables to help you understand your Amazon Web Services cloud in a whole new way. Which of these seem most useful to you? What other kinds of relationships will help you understand your cloud environments and manage them more effectively?

We’re excited to learn more about your experience using the Amazon Web Services Insights Mod. Our Slack community is a great place to share your feedback and connect with other Amazon Web Services users.

Resources

  • Install Steampipe
  • Install/configure the Amazon Web Services plugin
  • Install the Amazon Web Services Insights mod