4 min read

How to Track Changes in Your Cloud Environment Architecture Configs

March 11, 2020



In the fast paced world of cloud computing, keeping track of dynamic environments can become a time consuming and costly exercise.

As the cloud platform vendors roll out new features and methodologies, the chances of your cloud environment configurations remaining static for very long are less now than they have ever been.  Add the dynamic nature of resources like autoscaling groups and the task of keeping tabs on exactly what you have running and where is an ever increasing challenge.

But we're pretty sure that no-one would shy away from the fact that in these days of ever increasing compliance burdens and strict governance rules, keeping on top of your network topology is more critical than ever.

Of course having accurate cloud infrastructure diagrams is a massive time saver when on-boarding new engineers or establishing the state-of-play when you take on a new client or project, that goes without saying. However one of the less obvious uses for up to date diagrams is proving to compliance auditors and insurance assessors that all your systems are in order, your security is locked down and the data you are retaining is appropriately secured.


Keeping up to date diagrams in the past has been an extremely time consuming task, especially in large organisations with hundreds of cloud accounts and multiple teams potentially changing environment settings on a daily basis. Having to update manual records every time you modify a setting, add an extra NAT Gateway or Database Instance isn't high on anyones list of priorities.

That's why having a system that continuously polls your cloud config files and automatically updates your diagrams while at the same time archiving the previous diagrams and config settings is not only smart, it's also pretty fundamental from a diligence and effective governance perspective.

The versioning feature of hava.io has this functionality built in. All Hava plans will automatically sync your config data then continuously monitor to snapshot any changes to your environments.

This gives you a complete audit trail by frequently polling your console settings and detecting exactly what has changed in your cloud config.


This applies to all platforms currently supported by Hava, which include AWS, GCP and Azure.



To see when your environment settings have changed, open the Versions tab in the right hand accordion menu while viewing your diagrams.  

The version tab will list the current and previous configurations with a date that version became live and when it was superseded.

AWS Security View 800x600


You can also view changes to the extensive list of environment resources found in the list view that details both visualised and non visualised resources, which means you have a record of any changes like additional network interfaces, WAF Rules, Volumes etc.



This is essential information to know when trying to diagnose recently introduced config issues, or for your security team to easily view changes to ensure your network remains the fortress it absolutely needs to be in 2020. Not only will your security be on point, so will your governance. You will have to hand a complete audit trail of how your systems were built and configured and you'll have the documentation to prove it.

If you would like to chat about how you can use Hava to start tracking changes to your AWS, Google Cloud or Azure configurations there's a chat dialogue on the bottom right and on the home page that is manned by a real person who can walk you through the easy steps needed to make it happen. Or just email sales@hava.io to arrange a call back.

All hava.io accounts come with a free 7 day trial and produce 100% accurate logically laid out network topology diagrams the minute you connect your cloud credentials.



Team Hava

Written by Team Hava

The Hava content team