
Request for Comment: Displaying Networking Relationships #543

Open
ConnorKirk opened this issue Sep 12, 2024 · 3 comments
Labels
awssol_nofirstresponsesla Exclude from Internal SLA Reporting enhancement New feature or request

Comments

@ConnorKirk
Contributor

ConnorKirk commented Sep 12, 2024

Summary

We're often asked if Workload Discovery can display networking information such as VPC flow logs as relationships between resources.

For example, "Can I see if this EC2 instance is communicating with this NAT Gateway".

Today, Workload Discovery presents configuration based relationships for networking resources, such as "EC2 instance X is contained in Subnet Y". Workload Discovery cannot show relationships between two resources that are communicating via a network. It might be possible to display this information in Workload Discovery. There may be other related information that is also useful to include.

We'd like to investigate what use cases users have for visualising relationships between networked resources in the tool.

We'd welcome any anecdotes or feedback on how we can improve Workload Discovery in this area. We will update this issue with more information as the investigation progresses.

What is the problem?

Customers would like to see relationships in WD representing actual networking communication between resources. Today, Workload Discovery only shows configuration based relationships such as an EC2 instance being associated with a Network Interface. Workload Discovery does not show relationships derived from potential or actual network communication.

What is the solution?

Workload Discovery will support a new relationship type, a network derived relationship. Network derived relationships will be derived from VPC Flow Logs.

@ConnorKirk ConnorKirk added the enhancement New feature or request label Sep 12, 2024
@ConnorKirk ConnorKirk pinned this issue Sep 12, 2024
@brianok-aws

I think this would be a fantastic addition to introduce new FinOps processes if added to the graph. I cover some of these techniques in graph at https://aws.amazon.com/blogs/database/techniques-to-improve-the-state-of-the-art-in-cloud-finops-using-amazon-neptune/, but adding the VPC Flows would also allow you to detect resources that have unused pathways in addition to no pathway. It will be interesting to see how you can enable these flows on existing resources with minimal disruption, as well as without significant cost. Also, I think it is important to differentiate between when monitoring is active and there is no traffic and when there is no monitoring...so techniques can be applied to the former but not the latter.

@svozza
Contributor

svozza commented Sep 18, 2024

> Also, I think it is important to differentiate between when monitoring is active and there is no traffic and when there is no monitoring...so techniques can be applied to the former but not the latter.

This is a very good point, we need to make this distinction clear in any diagrams.

@shujacks shujacks added the awssol_nofirstresponsesla Exclude from Internal SLA Reporting label Sep 18, 2024
@NickB118

NickB118 commented Oct 3, 2024

I think this would be an excellent enhancement. We are looking at tools that do just this currently, specifically https://faddom.com/, but we have also tried a homegrown approach analysing VPC flow logs and outputting as graphviz previously. VPC flow log analysis has been of huge help to our team previously in getting to grips with understanding how legacy systems work and what is safe to decommission, but integration into Workload Discovery sounds like it could be of great use too.
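As an added example (not code from Workload Discovery or from any commenter), the following Python derives the kind of flow-log-based relationship the issue proposes and preserves the distinction raised above between "monitored but no traffic" (a NODATA record) and "not monitored" (no records at all). The sample records, account id, ENI ids, IP-to-ENI map and inventory are all constructed placeholders; the record layout is the documented default version-2 flow log format.

```python
"""Derive "communicates with" edges between ENIs from VPC Flow Log records and
classify each inventoried ENI so that "monitored but idle" (NODATA) is kept
apart from "no flow log at all". Assumes the default version-2 record format."""
from collections import defaultdict

FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed sample records (placeholder account, ENI ids and addresses).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.10 10.0.2.20 49152 443 6 12 3000 1726142400 1726142460 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.10 10.0.2.20 49153 443 6 3 600 1726142460 1726142520 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 51000 22 6 1 60 1726142400 1726142460 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60003 - - - - - - - 1726142400 1726142460 - NODATA
2 123456789012 eni-0a1b2c3d4e5f60004 - - - - - - - 1726142400 1726142460 - SKIPDATA
"""
# Constructed configuration data: IP ownership and the ENI inventory. eni-...02
# and eni-...05 have no flow log of their own.
IP_TO_ENI = {"10.0.1.10": "eni-0a1b2c3d4e5f60001", "10.0.2.20": "eni-0a1b2c3d4e5f60002"}
INVENTORY = ["eni-0a1b2c3d4e5f6000%d" % i for i in range(1, 6)]


def parse_records(text):
    """Yield one dict per record; a '-' field means the value is unset."""
    for line in filter(str.strip, text.splitlines()):
        parts = line.split()
        if len(parts) != len(FIELDS):
            raise ValueError("unexpected field count: %r" % line)
        yield dict(zip(FIELDS, parts))


def derive_graph(text):
    """Return (edges, status): edges[(src, dst, dst_port)] counts ACCEPT/REJECT and
    bytes per directed flow; status[eni] is traffic/skipped/no-traffic/not-monitored."""
    edges = defaultdict(lambda: {"ACCEPT": 0, "REJECT": 0, "bytes": 0})
    seen = defaultdict(set)  # log-status values observed per ENI
    for rec in parse_records(text):
        seen[rec["interface-id"]].add(rec["log-status"])
        if rec["log-status"] != "OK":
            continue  # NODATA / SKIPDATA rows carry no addresses or counters
        src = IP_TO_ENI.get(rec["srcaddr"], rec["srcaddr"])  # unresolved IPs stay as IPs
        dst = IP_TO_ENI.get(rec["dstaddr"], rec["dstaddr"])
        key = (src, dst, int(rec["dstport"]))
        edges[key][rec["action"]] += 1
        edges[key]["bytes"] += int(rec["bytes"])
    status = {}
    for eni in INVENTORY:  # absence of records is not evidence of no traffic
        s = seen.get(eni, set())
        status[eni] = ("traffic" if "OK" in s else "skipped" if "SKIPDATA" in s
                       else "no-traffic" if "NODATA" in s else "not-monitored")
    return dict(edges), status
```

Note that eni-...02 is reported as not-monitored even though an edge into it is known from eni-...01's log, which is exactly why a diagram needs to label monitoring state per node rather than infer it from the edges.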

@groverlalit groverlalit unpinned this issue Nov 11, 2024
@ConnorKirk ConnorKirk pinned this issue Dec 11, 2024