How to visualize your AWS security

Security is paramount in any IT infrastructure, and is even more critical where the public cloud is concerned.

As the transition from private servers and data centres to cloud solutions gains momentum, the complexity of cloud infrastructure continues to intensify. Typically hosting multiple applications distributed over different availability zones, most cloud configurations present a number of security challenges.

A good security team is a key requirement to any DevOps or engineering organisation and they generally have their work cut out, especially if you have multiple teams working on disparate projects that are continually pushing changes live and altering the configurations of your production environments.

Trawling through configurations and console settings to establish all your security groups, then determining what resources belong to each group, is a major undertaking.

Then you have to establish how traffic flows through your network: what ports are open, and what the ingress and egress points and IP addresses are.

It doesn’t take much to open up a vulnerability by mistake, like opening a port for team members to access or test something temporarily, then forgetting to close it again. The vulnerability will sit there, unnoticed, waiting to be exploited.
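The manual audit described above can be partly scripted. The following is an added example, not Hava’s code: it walks constructed sample data shaped like boto3’s describe_security_groups and describe_network_interfaces responses, maps each security group to its attached resources by joining through network interfaces (an assumption that covers EC2, RDS, ELB and Lambda, since all of them attach via ENIs), and flags ingress rules open to the whole internet on ports outside an assumed allow-list of 80 and 443, which is exactly the kind of forgotten test port mentioned above.

```python
"""Map AWS security groups to attached resources and flag world-open ingress.
Added example with constructed data shaped like boto3's describe_security_groups
and describe_network_interfaces responses (not Hava's code)."""
# Constructed sample: a web group with a forgotten 0.0.0.0/0 rule on port 22,
# and a database group that only admits traffic from the web group.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "temp test"}],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-1", "Groups": [{"GroupId": "sg-0aaa"}],
     "Attachment": {"InstanceId": "i-web1"}},
    {"NetworkInterfaceId": "eni-2", "Groups": [{"GroupId": "sg-0bbb"}],
     "Attachment": {}},  # e.g. an RDS-managed interface: no InstanceId
]
WORLD = {"0.0.0.0/0", "::/0"}

def attached_resources(interfaces):
    """Group id -> attached resources. EC2, RDS, ELB and Lambda all reach a
    security group through a network interface, so ENIs are the join point;
    an interface with no owning instance is reported by its own id."""
    members = {}
    for eni in interfaces:
        owner = eni.get("Attachment", {}).get("InstanceId") or eni["NetworkInterfaceId"]
        for group in eni.get("Groups", []):
            members.setdefault(group["GroupId"], []).append(owner)
    return members

def world_open_ingress(groups, allowed_ports=frozenset({80, 443})):
    """Ingress rules reachable from any address on ports outside the
    allow-list; an 'all traffic' rule (protocol -1, no ports) always counts."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not WORLD.intersection(cidrs):
                continue  # only reachable from specific CIDRs or other groups
            lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
            if lo < 0 or not set(range(lo, hi + 1)) <= allowed_ports:
                findings.append({"group": sg["GroupId"], "ports": (lo, hi),
                                 "protocol": perm["IpProtocol"]})
    return findings
```

For a live account, replace the two constants with the results of the corresponding boto3 calls; the group-to-group rule on sg-0bbb is deliberately not flagged, because it is not reachable from the internet directly.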

When we built Hava for use in our cloud consulting practice, not only were we looking for an easier way to document new client infrastructure with the AWS diagram generator, we were also looking for a much easier way to visualize network traffic from a security perspective without having to spend days or sometimes weeks lost in console settings manually building a picture of what was going on.

The security view in Hava lays out the security groups in an easy to understand diagram with the open ports overlaid, so you can see where traffic enters and where it routes once inside the network.

As with all Hava diagrams, the security view is fully interactive.

Selecting a security group on the diagram will display the attributes for that group in the Attributes pane to the right of the diagram.

There you can see the Security Group name, Ingress & Egress ports and all the Connected resources.

All the resources in any security group are documented including:

  • Lambda Functions
  • Autoscaling Groups
  • Elastic Load Balancers
  • EC2 Instances
  • Network Interfaces
  • RDS Instances
  • Launch Configurations
  • and more

You can select any resource on the attribute list and view more details about that resource, so everything is in one spot for your security team to assess whether the config meets your security policies or not.

Complex environments are also visualized without a problem, so you can take a helicopter view of the whole network, then zoom in to individual security groups to see the port details and connections if something doesn’t look right.

The ingress and egress TCP ports are detailed on the diagram as well as in the Attribute pane, so you have all the critical traffic data to secure your network.

If you want to see your AWS cloud security visualized, you can grab a Hava Pro or Business Free Trial any time you like, connect your AWS account and see for yourself how powerful the security view is in Hava. You will be surprised how much time your security team will save getting to grips with your infrastructure security.

Of course, once you’re connected you can also take advantage of the beautifully crafted infrastructure diagrams that logically lay out your VPCs by availability zones and subnets, which allow you to easily spot unused or misconfigured resources needlessly costing you money every month.

You will also have Hava polling your config continuously, automatically updating your diagrams and making fully interactive archive copies of your old configurations for future comparison, just in case you need to track down a problematic config change or establish why your cloud spend jumped unexpectedly.

You can grab a free trial any time you like.

Originally published at

Alan Blackmore, Tech Writer, Developer, Marketer and Generator of Leads.