When you are deploying cloud infrastructure to AWS, Azure or GCP you typically want to validate that everything went according to plan.
You could be a solutions architect that wants to ensure your engineers have built what you designed, or you might be an engineer that wants to review your IaaC deployment to make sure it was successful.
By far the easiest method is to auto generate an infrastructure diagram of your current cloud environment by either building the diagram process into your ci/cd pipeline, or by connecting the new environment to a diagramming application like Hava which will scan and diagram your newly built environment for you.
Using Hava's API you can programatically add a new data source (cloud account) and sync it, which will generate a new set of diagrams which you can then retrieve and place in the build doco repository so you can review the build the minute it completes.
If you are using GitHub for version control, you can leverage the Hava Sync GitHub action that is available for free in the GitHub marketplace to generate and optionally retrieve a png diagram straight into your GitHub docs repo.
You add a simple action step nominating the required environment id:
The full list of input options at time of writing are below, however you should check the Hava Action GitHub Marketplace listing for the latest options.
The Hava infrastructure diagrams are fully interactive. Which means directly from the diagram you are able to dig into the settings and metadata to validate all the IP addresses, security, open ports and traffic ingress/egress settings match your expectations. The following demo diagram has been added to this post using Hava's embedded viewer. Have a click around and you'll see what we mean by interactive.
Reviewing Network Changes
If you need to review the changes to your cloud infrastructure over time to review the impact on network performance or costs, you can use the versioning feature of Hava to view and compare previous iterations of your network.
When you are viewing an environment in Hava, like say an AWS VPC you will have the option of selecting older versions of the diagram.
Hava continuously polls connected cloud accounts looking for changes. When changes are detected in your infrastructure Hava will generate a new set of diagrams and places the superseded diagrams into a fully interactive version history. You can pull up older versions and inspect them alongside the current or older versions to visually understand what has changed.
This allows you to validate the changes in the last deployment have had the desired affect on your network.
Validating Security Impacts of Cloud Deployments
When you deploy a new virtual network or make changes like adding new resources it is necessary to validate the changes haven't negatively impacted your security posture. One of the easiest ways to ensure nothing has gone horribly wrong security wise is to visually scan the Hava security view (for AWS and Azure).
This shows you all of your security groups and overlays the open ports and traffic ingress/egress points. You can deep dive into each security group to see the connected resources and review the open ports and protocols visualised by the arrows. As with the infra view, you can pull up older versions to compare the changes.
How to get started Validating your Cloud Deployments with Hava
Hava is available as an online SaaS or can be self hosted on your own infrastructure and allows you to connect AWS, Google Cloud, Microsoft Azure and stand alone Kubernetes clusters.
Data sources that are connected to Hava will have diagrams and doco automatically generated immediately. From there Hava periodically polls your cloud account config and updates the diagrams when changes are detected. You don't need to be logged in to Hava, or manually invoke anything, or check on email prompts, the whole diagramming process is 100% fully automated.
This means you have up to date network diagrams on hand whenever you need them and can validate your cloud implementations within your build pipelines. You also have a decent audit trail to follow in the event of an outage or to answer tricky questions during compliance audits.
You can take Hava for a 14 day free trial, learn more using the button below.