With large and complex cloud infrastructure it is often difficult to zero in on just the resources or segments of your cloud environment that you are interested in.
Isolating a specific resource or a particular subnet that you need to work on can be difficult and cumbersome if all you have access to is a massive infrastructure diagram with hundreds or even thousands of resources mapped out, or worse still just the console to work with.
How to find the cloud resources you need fast
If you already use Hava to automate your cloud diagramming then you are one step ahead of IT cloud professionals that rely on manual diagramming and cloud consoles to keep track of everything they or their clients have running.
You will already have detailed, up-to-date diagrams showing every environment and VPC or virtual network configured in your cloud account. You can already see the associated security stance and, in the case of AWS, how well the configuration complies with best practice.
But is too much of a good thing a problem when it comes to very large environments?
Well, it can be.
With a massive diagram, you will have to pan and zoom around to zero in on the particular resource or maybe a subnet to get to the information you need to inspect. It's not a massive imposition, but there is an easier way.
Sometimes you need to find an individual resource or resource type or maybe an IP address or VPC that is running somewhere in amongst all the environments you are managing, but you're not quite sure exactly which environment that is.
This is where Hava can help.
More specifically where Hava's custom search can help.
How does Hava custom search work?
In the main Hava top menu there is a search box that allows you to specify criteria to build a custom on-the-fly diagram. The diagram is constructed out of any resources that match the entered search term.
This search can be:
- region: bring back everything running in the nominated region
- id: diagram all resources with the matching id
- name: detail resources or environments with a matching name: tag
- vpc: bring back matching AWS or Google Cloud VPCs
- subnet: detail everything with a matching subnet id
- virtual_network: diagram everything in the matching Azure Virtual Network
- resource_group: add everything in the matching Azure resource group
- project: diagram everything in the matching Google Cloud Project
- type: diagram all resources matching the nominated resource type
- source: show everything in the matching data source (cloud account)
- ip: detail everything that matches or includes the nominated IP address or address range
- network_view: create a network diagram for the specified data source (beta)
- tag:pair any combination of user generated tags and values
You can stack search commands using and/or qualifiers, for example to put this VPC and that VPC on the same diagram. Because you can nominate data sources from different cloud vendors, this makes it easy to create hybrid diagrams.
You may also include wildcard and negative search prefixes to bring back items that don't match the required search term.
Once you execute a search the resulting diagram can be preserved.
Can I save Hava custom diagrams for future reference?
Yes: Once a diagram is generated you can save it.
When you save a diagram generated with a custom search it is added to your environment console so you can come back to it later.
Say you are a DB admin. You could create a diagram with all the database resources you manage pulled in from various cloud vendors, giving you a single diagram to easily review what's running and what might need attention.
Do query generated custom diagrams update automatically?
Yes: Once saved, custom diagrams self-update.
As with all Hava diagrams, custom search generated diagrams are updated as part of the normal Hava sync process. You can also use API calls to trigger a diagram refresh as part of your CI/CD pipeline.
Can you trigger Architectural Alerts from Custom Diagrams?
Yes: You can set up alerts for a custom saved diagram.
Once you save a custom diagram it will become available as a target in Hava's architectural monitoring alerts.
You can add the custom diagram as a target so when anything changes on the diagram, you will get an email alert letting you know.
Take our case of the DB admin. With a diagram created detailing all the database instances in the cloud estate the admin is responsible for, when anything changes the admin will get an email and diff diagram showing what databases have been added or removed.
What are the common custom diagrams created in Hava?
Here are some of the common custom diagrams people create in Hava.
Creating Cloud Region Diagrams with Hava Custom Search.
Using the region: search modifier you can pull back resources running in the regions you nominate.
As you can see in the image above, Hava provides a list of the available regions from all 3 supported cloud vendors and will pull all the resources onto a single diagram.
Maybe you have a team responsible for a specific region, or you have to address compliance issues around data hosted in a particular region. You can use the region custom search to pull everything running there onto a single diagram.
Creating Hybrid Cloud Diagrams with Hava Custom Cloud Search
Getting all the resources related to tagged resources or entire environments onto a single diagram is super simple with Hava's custom search.
If you have resources or environments related to a particular project spread across multiple cloud providers that you would like to see on the same diagram you can use several search criteria to create the hybrid cloud diagram.
A common method is to pull in multiple data sources using the source modifier.
This results in all the environments running in both cloud accounts appearing on the diagram. These can be a mixture of AWS, Azure and Google Cloud.
You can just diagram specific subsets of these environments too.
Can you include multiple VPCs on the same custom diagram?
Yes: You can use the vpc: modifier for AWS and GCP and virtual_network: for Azure to pull in the nominated infrastructure:
You can of course select multiple VPCs from the same vendor cloud account as well as draw from multiple cloud accounts from the same cloud vendor.
If you are an MSP or PS consultant looking after hundreds of accounts, you can use custom search to surface all the VPCs belonging to a particular client, or project, or application easily. Especially if your tagging game is on point.
Can I see the costs for an entire region?
Yes: When you use the region: search, a diagram will be produced containing all the VPCs or virtual networks that match the region search.
Every resource carries an estimated cost based on the cloud vendor price guidance which is displayed in the attribute pane on the right hand side of the Hava infrastructure diagrams and also against each resource on the list view.
Can I isolate a single app's resources in a large VPC running multiple applications?
Yes: If your resources contain a tag pair identifying the application then you can use this to build a diagram with just the resources related to the app.
Hava treats any non-reserved word as a potential tag and will try to match the value entered and bring back matches.
For instance, if you have a tag that identifies the app a resource belongs to, like say application: with a value that identifies the app like "payroll" then typing application:payroll into the custom search box will build a diagram of all the resources with that tag pair.
Can I combine tags to narrow down diagrammed resources further?
Yes: You can combine all of the search criteria.
If you were trying to establish ownership of a subset of resources from within the payroll application above, you could append another tag to the search.
This search shows all the resources John owns within the Payroll application and ignores the other resources he owns within the VPC or other projects.
Can you diagram a single subnet?
Yes: Using the subnet: search you can isolate an individual subnet onto its own diagram.
Let's say you have a large environment but are only interested in the subnet that contains resources that you need to manage. You might be just interested in the databases.
You can select the required subnet, acquire the subnet id from the attribute pane and paste that into a custom search.
The result is usually a diagram with the single subnet detailed.
In this case the resulting diagram shows two subnets. But why?
Because the databases are deployed over two availability zones, so both subnets containing the database instances are displayed since the resources in the requested subnet do not exist in isolation.
Can I find resources from within thousands of my managed MSP client cloud accounts?
Yes: The custom search function goes out and scans through all the accounts you have connected to your Hava account.
So a single search can find resources running from within thousands of connected accounts whether they are AWS, Azure, or GCP.
One search command.
The power of this should not be underestimated. Especially when you need to find specific resources fast, like in the middle of a zone or application outage or when a client network is under attack and your security logs are glowing red.
The custom search is useful for far more than creating custom diagrams.
Can I show things connected to the resources that match my custom search?
Yes: That's where Hava's Deep Search operator comes into play. Using the @ symbol in front of any search criteria tells the custom diagram builder to also bring back anything connected to the resources that match your search.
Let's say we want to see all the EC2 instances in a particular AWS VPC. We could enter the VPC id AND the type:
The resulting diagram shows us what we asked for.
But by including the @ in front of the type: modifier, we then get to see the resources connected to the EC2 instances in this VPC.
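The tag-pair matching and the @ Deep Search behaviour described above can be modelled locally as follows. This is an added example, not Hava's code or API: the inventory is constructed, and the " AND " joiner, the type values and the one-hop expansion of connected resources are assumptions made for illustration.

```python
# Local model of the search semantics described on this page; not Hava's code.
RESERVED = {"region", "id", "name", "vpc", "subnet", "virtual_network",
            "resource_group", "project", "type", "source", "ip"}

# Constructed inventory: resources from two accounts, with tags and connections.
INVENTORY = [
    {"id": "i-web1", "type": "ec2", "vpc": "vpc-a", "source": "acct-1",
     "tags": {"application": "payroll", "owner": "john"}, "links": ["db-pay", "sg-web"]},
    {"id": "i-web2", "type": "ec2", "vpc": "vpc-a", "source": "acct-1",
     "tags": {"application": "crm", "owner": "john"}, "links": ["sg-web"]},
    {"id": "db-pay", "type": "rds", "vpc": "vpc-a", "source": "acct-1",
     "tags": {"application": "payroll", "owner": "mary"}, "links": []},
    {"id": "sg-web", "type": "security_group", "vpc": "vpc-a", "source": "acct-1",
     "tags": {}, "links": []},
    {"id": "i-batch", "type": "ec2", "vpc": "vpc-b", "source": "acct-2",
     "tags": {"application": "payroll", "owner": "john"}, "links": []},
]

def parse(query):
    """Split 'key:value AND @key:value' into (deep, key, value) terms."""
    terms = []
    for raw in query.split(" AND "):      # assumed joiner, see lead-in
        raw = raw.strip()
        deep = raw.startswith("@")
        key, _, value = raw.lstrip("@").partition(":")
        if not key or not value:
            raise ValueError(f"malformed term: {raw!r}")
        terms.append((deep, key.lower(), value.lower()))
    return terms

def matches(res, key, value):
    """Reserved words compare against attributes; anything else is a tag pair."""
    if key in RESERVED:
        return str(res.get(key, "")).lower() == value
    return res["tags"].get(key, "").lower() == value

def search(query, inventory=INVENTORY):
    """Return sorted ids of matching resources across every connected account."""
    terms = parse(query)
    hits = [r for r in inventory if all(matches(r, k, v) for _, k, v in terms)]
    ids = {r["id"] for r in hits}
    if any(deep for deep, _, _ in terms):  # '@' also pulls in connected resources
        ids |= {link for r in hits for link in r["links"]}
    return sorted(ids)
```

In this model, `search("vpc:vpc-a AND type:ec2")` returns only the two instances, while prefixing the type term with @ also returns the database and security group they connect to, which is the view you want when scoping what an affected instance can reach.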
This showcase of what you can do with Hava's custom search has barely scratched the surface.
We could have gone into greater depth on stacking search terms.
Or using and/or to really zero in on the information you want to see no matter how complex your infrastructure or how many accounts and data sources you have connected.
But we don't want to have all the fun.
You should check it out yourself.
If you already use Hava to fully automate your cloud infrastructure, security and AWS compliance diagrams, you can check out custom search now. It is built into all Hava tiers.
If you haven't implemented Hava yet, you can take a free 14-day trial using the button below and start enjoying the benefits of hassle-free cloud diagrams and centralised search today.