Visualizing Your AWS Environment: How to Use Cloudmapper to Generate Diagrams

Cloudmapper is a powerful tool that lets you generate diagrams of your AWS environment. You get up-to-date visualizations of your AWS resources and services, you can filter which parts you want to see and which parts you want to hide, and there are many more options to play with. All of this is explained in this video!

Join 20K+ students and check my Udemy video course: How to Identify, Diagnose & Fix Memory Leaks in Web Apps: https://www.udemy.com/course/identify

Enjoyed the content? Reward the channel: https://paypal.me/rakiabensassi

A Day in the Life of an AWS Developer: https://levelup.gitconnected.com/a-da

How To Survive the Peak Cloud Complexity as a Software Engineer: https://betterprogramming.pub/survivi

How to Validate a Field in a Microservices Architecture: https://betterprogramming.pub/microse

You can find more of my technical and non-technical articles here: https://rakiabensassi.medium.com/memb

💡 🧠 I write about engineering, technology, and leadership for a community of smart, curious people. Join my free email newsletter for exclusive access: https://rakiabensassi.substack.com


Content

0.16 -> How to use Cloudmapper? How to use Cloudmapper to generate AWS diagrams? This is what we will see
8.32 -> today in this video. The Cloudmapper repository is available on GitHub. In order to use it
16 -> you will need to have installed python3, pip and virtualenv. You will also need jq
22.08 -> and pyjq installed. So on my localhost I have already python3 and pip installed. Let me
29.68 -> check if I have jq and the other library also. So as we see here, jq is already satisfied, which means
38.8 -> it's already installed on my machine, and pyjq is also already there. I don't need to install them.
47.92 -> The next step for me is to clone the Cloudmapper repository from GitHub. I have already cloned it,
54.4 -> but in your case, if you haven't done it yet, you need to run that command, that git clone command.
61.12 -> So what I need now is to run brew install autoconf automake awscli freetype jq libtool python3.
71.68 -> Then I need to go to the Cloudmapper repository that I have already cloned.
78.64 -> The next step is to start and activate my virtual environment before running
84.72 -> this command. Let me show you in the source code the virtual environment folder, which is venv, and
95.2 -> under bin there is activate. So let's go back to the terminal and run the appropriate command.
105.44 -> So as you can notice there is this venv
108.64 -> prefix, which means I am now using my virtual, my Python virtual environment.
117.76 -> Next I need to install my requirements for this project by running pip install requirements. So
128.4 -> the Cloudmapper repository offers us the possibility to generate diagrams
133.36 -> and reports for a demo AWS account. In the config.json demo file in the project there is the declaration and
142.08 -> the specification for this demo account. So let me try it here: there are 16 nodes, 3 external
151.2 -> CIDRs and 35 connections built. After preparing the data we need to generate the report for this demo
162.08 -> account by running the next command, python cloudmapper.py report blah blah.
171.28 -> So the report is generated successfully under the web folder, account-data.
179.28 -> Cloudmapper offered me a possibility to see this HTML page in the browser by starting first a web
187.44 -> server, and in order to do that I need to run python cloudmapper.py webserver. So let's go ahead
193.52 -> and run it. I need to call this URL now. So here I can see my AWS resources classified per region.
206.24 -> By calling account-data/report I see the data in another form, with some statistics
213.2 -> and some notes regarding the security level that they have for each category of resources.
228.48 -> Here for example my SQS queue is publicly accessible, which could represent a security problem. So in
236.08 -> real life what we need is in fact not to generate the data for a demo account but to generate it for a
242.64 -> regular account. For this reason I will show now how to generate data for my own private account.
250.32 -> Let me check what resources I have here: I have an instance running, a volume and security groups
257.68 -> and a key pair, and in order to be able to generate the data with Cloudmapper I need
263.36 -> to make sure that my IAM user has the appropriate policies in its role, which are ViewOnlyAccess
271.92 -> and so my current logged-in user already has these policies, but let me show you another user
280.24 -> who does not have these policies, and we will see how to add them to it.
288.88 -> So I am on the grant permissions page. I have to choose "Attach existing policies directly". After
296.56 -> typing SecurityAudit I can select it, and then I need to type ViewOnlyAccess and add it also as
305.76 -> a policy. So my second user has these policies as well. You don't need to add those policies
313.28 -> to all of your users, just to the user that you will use with Cloudmapper. So let's go back to
320.56 -> the terminal and run a slightly different command in order to collect the AWS data for my account.
328.88 -> Let's type python cloudmapper.py collect --account, then the name of my account. So
334.88 -> here I have a problem because I am not yet logged into AWS. Let me do it first with aws configure,
344 -> and here we go. So the access to the AWS account is done correctly,
348.8 -> and generating or collecting the data could take a moment. Let's wait a bit,
356.88 -> and here it is. So let's now generate the report for this collected data in order to
362.56 -> visualize it. For that sake we need to run python cloudmapper.py report --account
369.76 -> and then the name of the account. So the report is there. Let's start the web server and then
375.92 -> move on to the browser. So here is the old data for the demo account, and after a refresh
381.52 -> I can see the data for my rakia aws certificate account. So here I see the number of resources and
392.16 -> some insights regarding the security level for each resource, and so on.
401.12 -> So let's go back to the terminal and generate the diagram. For this sake we need to run python
407.28 -> cloudmapper.py prepare, then --account and the name of my account, rakia aws
415.2 -> certificate. Okay, here I have an error because I need to adjust the content of the config.json.
423.52 -> So let me go to it first. And so the name of my account is like here,
435.2 -> and my account ID is this one, and I need to replace this with the correct data. So
448.48 -> we look into my account first.
452.56 -> Okay, I will create a new EC2 instance,
463.44 -> and okay, keep it, this one. Create security group, and okay, I'm fine with this. Okay, let's now change
482.8 -> the region and choose this one for example, and I would like to create an EC2 instance
490 -> as well there. So here I already have that one, and I have a default VPC. Let's go to it,
502.72 -> and I need to take this CIDR and put it here, and the name is,
512.88 -> okay, there is no name. Let's create a new one, "my first".
525.76 -> Okay, that's fine.
534.24 -> Okay, now we have two VPCs. Here I can add the new one as well.
540.72 -> Let's go first here, duplicate this line, then I will adjust the data. So this is our IPv4 CIDR and
558.32 -> the name is okay, and this is the name,
565.52 -> it's my new VPC. Okay, let's go again to the terminal and run our prepare command.
574.08 -> Okay, now we have two connections built and one external CIDR. Let's run the web server.
584.08 -> The web server is there, the URL, so, and this is what we have for the moment.
592.24 -> So I have resources in two availability zones, which are us-east-1 and eu-central-1.
600.72 -> In each of them I have a virtual private cloud and a subnet and an instance. This instance can
609.12 -> communicate with public traffic, unlike the other one. As you may have already noticed,
614.4 -> this is not all of my resources, and the reason for this could be that my current IAM user does
621.2 -> not have the right to access all the resources and see them. Let's go back to my AWS account.
631.04 -> So here, if I go to SQS, I can see that I have an SQS queue that I am not seeing
637.28 -> in the diagram. Let's check the access policy for this one. So let's adjust the policy and change
648.8 -> it. So here the principal, and in the principal I see an ARN which is not the ARN of my current user.
656.56 -> Let's go to the security credentials of my current user and copy my current ARN,
664.24 -> the ARN of my current IAM user, and go back here. I need to go to the policy generator and allow
675.12 -> this ARN all actions, and the resource is, let's go back to SQS,
685.04 -> then copy this ARN, and I will paste it here,
689.44 -> add statement, generate policy, and let's copy this one. Okay, now I can change the policy. Let's save it.
699.76 -> After updating the access policy you can recollect the data from AWS and regenerate the diagram again.
711.04 -> Let's see now a different case study, which is an example where there are a lot of
716.64 -> resources and services used in AWS. In such a situation you will get a big number of nodes
723.12 -> and connections in your diagram, and it makes sense to benefit from the filters that Cloudmapper
729.84 -> offers you, such as no internal edges, no read replicas, collapse by tag then
737.2 -> the name of your tag if you have already used tags in your AWS services, and so on.
746.08 -> So Cloudmapper offers other features, such as discovering and adding automatically
753.04 -> different accounts to the config.json file, and to do this you need to run
758.96 -> python cloudmapper.py configure discover-organization-accounts.
765.68 -> So in my case I am getting an AWSOrganizationsNotInUseException because my current AWS account
774.96 -> does not belong to an organization account. As you can see here, there is "Your account is not a
781.12 -> member of an organization", but if I switch to another account I will get a different output.
789.44 -> With Cloudmapper you have the possibility to use a Docker container as well and start it,
794.48 -> and if you would like to generate the Cloudmapper report and diagram
800.24 -> automatically and on a regular basis you can check here this page, which shows you how you can use
808 -> Cloudmapper in a private subnet and some other resources like an S3 bucket and the CloudWatch
816.56 -> service also, and SNS, and also some notifications to get notified about the output of Cloudmapper.
828.72 -> So guys, that's it for today. I wish it was helpful.
832.96 -> Don't forget to subscribe and like the video, and I will see you next time.

Source: https://www.youtube.com/watch?v=HVy-mnjCLEM