I was working on a task yesterday and thought I would write it up so that others could possibly benefit from it. I was working to document our AWS environment, specifically the security groups around each instance and how the instances are connected to each other and to the internet as a whole.
I had been asked several weeks ago if there was some documentation of the AWS environment at work and how instances were interconnected. I didn’t have any documentation at the time and it wasn’t a huge deal, so I let the topic drop. The other day, however, I was thinking about documenting AWS and that conversation came back into my head. I realized that with the AWS API you could generate the graph of the connections relatively easily. Since everyone loves pretty pictures, I wanted to see if I could visualize it as well.
The first step was to generate the graph of the security groups. This was another chance to use boto3, the de-facto Python binding for the AWS API. After toying around I had code that could generate the graph between each instance and the IPs that were allowed inbound access to it.
There’s one aspect of the code that I want to specifically call out. The method searchIpAddress looks up the instance ID that owns a given IP address. This way, if a security group rule references the address of another instance, the graph can draw the edge to that instance rather than to a bare IP. If we did this blindly, though, we would be pulling the list of instances from the API for every IP address on every port. Since we don’t want to be wasteful, we cache the results, perform a lookup in the cache first, and only call the API if we’ve not encountered that IP address before.
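To make the approach concrete, here is an added example of the graph-building and cached lookup described above. It is not the code from the original post; the class and function names (IpResolver, search_ip_address, build_graph, to_dot) are my own, and instead of calling AWS it runs against a FakeEC2 stand-in that serves constructed sample data in the same shapes that boto3's describe_instances and describe_security_groups return. With a real client you would pass boto3.client("ec2") in its place.

```python
"""Inbound-access graph of EC2 instances from security-group rules.

Added example, not the original post's code. The instance and security-group
data below is constructed; FakeEC2 mimics the parts of boto3.client("ec2")
that the example touches. The filter names 'private-ip-address' and
'ip-address' are real describe_instances filters.
"""
import ipaddress
from collections import defaultdict


class IpResolver:
    """Resolve an IP address to an instance ID, memoising every answer so
    each distinct address costs at most one round of API calls."""

    def __init__(self, ec2):
        self.ec2 = ec2
        self.cache = {}  # ip -> instance id, or None when no instance owns it

    def search_ip_address(self, ip):
        if ip in self.cache:
            return self.cache[ip]
        found = None
        for name in ("private-ip-address", "ip-address"):  # private, then public
            resp = self.ec2.describe_instances(Filters=[{"Name": name, "Values": [ip]}])
            hits = [i["InstanceId"] for r in resp["Reservations"] for i in r["Instances"]]
            if hits:
                found = hits[0]
                break
        self.cache[ip] = found  # cache misses too: external IPs are never re-queried
        return found


def build_graph(ec2, resolver):
    """Return {destination instance id: {(source, protocol, from_port, to_port)}}.

    A source is an instance id when the rule's /32 CIDR or referenced security
    group maps to an instance, otherwise the CIDR or group id as written."""
    instances = [i for r in ec2.describe_instances()["Reservations"] for i in r["Instances"]]
    sg_members = defaultdict(list)  # security group id -> instances attached to it
    for inst in instances:
        for sg in inst.get("SecurityGroups", []):
            sg_members[sg["GroupId"]].append(inst["InstanceId"])
    groups = {g["GroupId"]: g for g in ec2.describe_security_groups()["SecurityGroups"]}

    edges = defaultdict(set)
    for gid, members in sg_members.items():
        for perm in groups[gid].get("IpPermissions", []):
            proto = perm.get("IpProtocol", "-1")
            from_port, to_port = perm.get("FromPort", -1), perm.get("ToPort", -1)  # -1: all
            sources = []
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if net.num_addresses == 1:  # a single host: try to name the instance
                    sources.append(resolver.search_ip_address(str(net.network_address)) or rng["CidrIp"])
                else:  # a range such as 0.0.0.0/0 stays a range (the whole internet)
                    sources.append(rng["CidrIp"])
            for pair in perm.get("UserIdGroupPairs", []):  # rule references another group
                sources.extend(sg_members.get(pair["GroupId"], [pair["GroupId"]]))
            for dest in members:
                for src in sources:
                    edges[dest].add((src, proto, from_port, to_port))
    return edges


def to_dot(edges):
    """Render the graph in Graphviz DOT so it can be drawn with `dot -Tpng`."""
    lines = ["digraph aws {"]
    for dest, rules in sorted(edges.items()):
        for src, proto, fp, tp in sorted(rules, key=str):
            label = f"{proto}/{fp}" if fp == tp else f"{proto}/{fp}-{tp}"
            lines.append(f'  "{src}" -> "{dest}" [label="{label}"];')
    lines.append("}")
    return "\n".join(lines)


# --- constructed sample data and a fake client (not real AWS output) ---------
SAMPLE_INSTANCES = [
    {"InstanceId": "i-web", "PrivateIpAddress": "10.0.1.10", "PublicIpAddress": "203.0.113.5",
     "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-db", "PrivateIpAddress": "10.0.2.20", "SecurityGroups": [{"GroupId": "sg-db"}]},
    {"InstanceId": "i-bastion", "PrivateIpAddress": "10.0.0.5", "SecurityGroups": [{"GroupId": "sg-bastion"}]},
]
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.5/32"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.5/32"}]}]},
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
]


class FakeEC2:
    """Minimal stand-in for boto3.client('ec2'); counts describe_instances calls."""

    def __init__(self, instances, groups):
        self.instances, self.groups, self.describe_calls = instances, groups, 0

    def describe_instances(self, Filters=None):
        self.describe_calls += 1
        hits = self.instances
        for f in Filters or []:
            key = {"private-ip-address": "PrivateIpAddress", "ip-address": "PublicIpAddress"}[f["Name"]]
            hits = [i for i in hits if i.get(key) in f["Values"]]
        return {"Reservations": [{"Instances": hits}]}

    def describe_security_groups(self):
        return {"SecurityGroups": self.groups}


def demo():
    """Build the sample graph; returns (edges, describe_instances call count, resolver)."""
    ec2 = FakeEC2(SAMPLE_INSTANCES, SAMPLE_GROUPS)
    resolver = IpResolver(ec2)
    edges = build_graph(ec2, resolver)
    return edges, ec2.describe_calls, resolver


if __name__ == "__main__":
    graph, calls, _ = demo()
    print(to_dot(graph))
    print(f"# describe_instances calls: {calls}")
```

In the sample, 10.0.0.5/32 appears in two rules but is resolved once; the second rule is answered from the cache, so the fake client sees only two describe_instances calls in total (the initial listing plus the one lookup). Against a real account, wrap the initial listing in the describe_instances paginator, since the default page is limited and larger environments will be truncated.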
Overall I’m happy with the exercise. While the visualization aspect didn’t turn out how I hoped I was able to get the data and have a way to reproduce it in the future should anyone need it. I hope to incorporate RDS as well in the future but that presents a different set of challenges.
If you’ve got questions about Amazon Web Services or cloud technology in general, feel free to contact me and I’ll see how I can bring my experience to the problem.