Find Cloud Assets From Multiple Accounts/Vendors With a Single Query

December 1, 2022

How to find cloud resources across multiple accounts and vendors with a single query

When you are managing multiple cloud-based networks, chances are there are multiple cloud accounts to look after, and these may well be from different vendors.

When you only have a handful of accounts under management, finding resources is relatively simple: you just log into each console, head to the service you are trying to track down and see what is deployed.

Now let's say you are a managed service provider or a professional services team that has two hundred and fifty cloud accounts across AWS, GCP and Azure in your portfolio. Logging in to each account to find a specific resource, or resources with a specific IP address or tag, suddenly becomes a tougher assignment or, if not tougher, certainly a lot more time-consuming.

Now let's imagine you were browsing through our weekly Friday round-up post, which covers all the updates and releases from AWS, Azure and GCP, and you see that a critical security flaw has just been discovered in a particular database type, so you need to patch the vulnerability as soon as possible.

Do you log into all 250 accounts to see who's running the database and version under threat? I guess you could, but it will take a while.

The good news is, there's a much better way.

Hava diagrams probably don't immediately spring to mind when you think of the fastest way to locate resources across multiple cloud accounts, but bear with me, because built into your Hava account there is a powerful query engine that will get the job done fast.

When you use Hava to automate diagramming your cloud network topology, you connect each cloud account you manage as a data source. You can have hundreds or thousands of AWS, Azure, GCP and even standalone Kubernetes clusters connected to your Hava account.

This is where the fun begins. Hava fully automates the creation and updating of virtual network diagrams which are live and ready for you to inspect at any time. But because the connections are established to all your cloud accounts, you can use the Hava query function to search all connected accounts simultaneously.

To repeat, you can search all those 250 connected cloud accounts in the example above with a single command in Hava. No need to log in to any of the cloud consoles. The pre-existing credentials used when connecting the data source to Hava enable you to execute the search across all the accounts and all the vendors simultaneously, live, with a single command.

In the case of the database that needs to be patched, you can use the resource type: query to simultaneously search all attached accounts looking for a match.

The results are returned to a temporary interactive diagram showing all the matching databases discovered inside their VPCs. This gives you a comprehensive list of the databases and which accounts they belong to. You can then select each database and view the metadata related to the resource, including useful things like the engine type and version.

It really is like a configuration search engine for all your AWS, Azure and GCP accounts. One query will look through all the connected accounts and return resources that match your search query.

A single command can search through a hundred, a thousand or even ten thousand connected accounts to find whatever you are looking for. If your tagging game is on point you'll be able to zero in on resources, VPCs and the accounts in which they are running in a matter of seconds instead of having to scour through documentation and/or consoles for hours or days.

If a particular resource is being deprecated or needs urgent attention, you can run a single query and identify which accounts and virtual networks you manage are running that service if you have them connected to your Hava account.

You can also save these "on the fly" diagrams, so they are there in your Hava environments console when you need them. Your DB admins might like a single diagram of all the databases they manage no matter what vendor is hosting the database. Your security team might like a single diagram showing all the WAF instances currently running, or your Dev team managers might like a single diagram showing all the VPCs and resources tagged to the development team.

All of this is possible using Hava and the built-in query feature.

Of course, when you connect cloud accounts to Hava you automatically get a range of diagrams for each VPC, Virtual Network or Container Cluster detected.

The infrastructure view is created for each VPC or virtual network discovered in AWS, Azure and GCP accounts.

This view is interactive, meaning when you select a resource on the diagram the attribute panel to the right of the diagram displays a stack of metadata related to the selected resource.

Azure and AWS environments will also generate a Security View. This shows all the configured security groups, with the open ports laid over the top showing how traffic enters and exits the network.

Selecting a security group will populate the attribute pane with details related to the group so you can see exactly what is configured without having to go back to the respective cloud console and try to work out how the security groups are set up.

If you are running containerised workloads on ECS, EKS, AKS, GKE or even on standalone Kubernetes clusters, Hava will auto-generate a workload map called the Container View that shows the Cluster, Services and Tasks running. Each task/pod run status is indicated using a different coloured hexagon, so you can see at a glance whether tasks are running, starting/stopping or stopped.

On top of the infrastructure, security and container views, if you are building on AWS, Hava produces an AWS compliance report.

This report tells you how well your AWS configuration matches AWS best practice. The report shows you what you have running, what you have configured that is or isn't in use and categorizes adverse findings into low, medium and high.

Once you have auto-generated diagrams by connecting cloud accounts, or used the powerful query tool to create custom or hybrid cloud diagrams, they will be in the Hava environments dashboard. You can also use the share/embed viewer to place diagrams into external web properties.

There are a number of integrations that allow you to build diagramming into your deployment pipelines. The Terraform and GitHub integrations allow you to easily code diagram creation into the deployment process, and the Confluence plugin allows you to easily place self-updating diagrams into your Confluence Wiki. Of course, you can use the Hava API to programmatically add accounts and environments, sync and pull diagrams, as well as a whole host of other operations.

If you are not currently using Hava and are still burning hours or days manually trawling through cloud consoles to find resources or build diagrams, you can take a fully featured Teams account for a free trial using the button below.

There is no obligation, no credit card required and you can even continue to use Hava for free after the trial period, albeit with a single cloud account.

If you've been looking for a better way to create cloud network documentation or find cloud resources across multiple accounts easily, hava.io might be the answer.

Written by Team Hava

The Hava content team
