In AWS, Virtual Private Cloud (VPC) is one of the hardest concepts for newcomers to crack. What is a VPC? When do you use one? Am I using one right now? The answer is almost certainly yes, but maybe you hadn’t realised it.
AWS creates a default VPC for every region in your account. You can experiment and deploy services for quite a while before you need to take a deeper look at the network configuration behind them. Then it gets very complex – Subnets, Internet Gateways, NAT Gateways, Load Balancers, Security Groups, Peering Connections, Transit Gateways – the list goes on!
These concepts are difficult enough to grasp, and harder still to visualise. There are numerous tools on the market that offer auto-drawn AWS infrastructure diagrams. These can be quite expensive for a single developer or small organisation, and because you often need to choose between cost and convenience, many will find themselves suffering to save a few bucks on yet another tool.
So when I saw Quadzig being announced in Beta, I was keen to get in on the ground floor and try it out. As always, this is not a sponsored post – this is just a super-cool tool and I want to tell you about it! Jeff Barr did get a jump on me by tweeting about it in early January, but I was lucky enough to have a long chat with the developer recently, asking about his motivations, development cycle, plans and future features – more on that later.
Very simply: Quadzig is a multi-account AWS infrastructure visualisation tool that currently supports Networking, EC2 and RDS, with more areas to follow. It provides a way for most of those complex components I mentioned before to be drawn cleanly and arranged logically to help get a handle on what you’ve got and where it is.
I once was blind, but now can see
The relationship between these components can be complex, and if you’ve got a large multi-account AWS Organization, you’ll know first-hand how difficult cross-account visibility of resources can be.
Quadzig’s got you covered here, with single and multi-account support. The onboarding process involves deploying a CloudFormation template which creates an IAM role with strict read-only permissions to inspect the resources it’s concerned with. For those wanting to roll it out to the whole AWS Organization, or an Organizational Unit (OU) therein, StackSets support makes this really easy, and I was up and running in less than 10 minutes.
Once the role is deployed there’s nothing else you need to do and data will be quickly synced in the background ready for inspection after a few minutes.
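Before deploying any third-party onboarding template, it is worth confirming the read-only claim yourself. The sketch below is an added example, not Quadzig's template or code: it audits every `AWS::IAM::Role` in a JSON CloudFormation template, flagging actions outside `Describe*`/`Get*`/`List*` and cross-account trust policies without an `sts:ExternalId` condition. The role name, account ID and ExternalId value are constructed, and the template is assumed to be JSON without intrinsic functions inside the policy documents.

```python
import json

# Verb prefixes treated as read-only here (an assumption for this sketch;
# some Get*/List* calls still return sensitive data and deserve a look).
READ_ONLY_PREFIXES = ("describe", "get", "list")

# Constructed sample, not the vendor's template: one cross-account role.
SAMPLE_TEMPLATE = json.dumps({"Resources": {"ViewerRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Condition": {"StringEquals": {"sts:ExternalId": "example-id"}}}]},
        "Policies": [{"PolicyName": "inspect", "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Resource": "*",
            "Action": ["ec2:Describe*", "rds:Describe*", "ec2:CreateTags"]}]}}],
    }}}})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_template(template_text):
    """Return findings for every AWS::IAM::Role in a JSON CloudFormation template."""
    findings = []
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {})
        for stmt in _as_list(trust.get("Statement", [])):
            cross_account = "AWS" in stmt.get("Principal", {})
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if stmt.get("Effect") == "Allow" and cross_account and "sts:ExternalId" not in cond:
                findings.append(f"{name}: trust policy lacks an sts:ExternalId condition")
        for policy in props.get("Policies", []):
            for stmt in _as_list(policy["PolicyDocument"].get("Statement", [])):
                if stmt.get("Effect") != "Allow":
                    continue
                if "NotAction" in stmt:
                    findings.append(f"{name}: Allow with NotAction grants everything else")
                for action in _as_list(stmt.get("Action", [])):
                    verb = action.split(":", 1)[-1].lower()
                    if not verb.startswith(READ_ONLY_PREFIXES):
                        findings.append(f"{name}: action {action} is not read-only")
        for arn in props.get("ManagedPolicyArns", []):
            findings.append(f"{name}: review managed policy {arn} by hand")
    return findings
```

Run against the constructed sample, the audit reports only the `ec2:CreateTags` grant; managed policy ARNs cannot be resolved offline, so they are listed for manual review.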
Default VPCs in AWS can be a problem, because most organisations will look to either delete or not use them in favour of customised CIDR ranges and specific configuration. This does however mean that the default VPCs can clutter up your accounts, but I was delighted to see Quadzig has a simple ‘Ignore default VPCs’ option in the settings, as well as the ability to block other specific VPCs from the visualisation.
What I’m left with on the diagram is a nice, clean overview of all of my accounts. The regions, VPCs, subnets (coloured green and blue for public and private respectively), along with the internet gateway and instances (if deployed). Different components, accounts, and regions can be instantly toggled on and off in the options, and the names of resources are plotted where suitable.
If I click on any resource, a full information bar slides into view with all of the pertinent data. Resource ID, type, region, IP addresses, and resource tags – everything you could want to know in a flash!
Customising the view is also nice and easy – components can be dragged around and locked in place as required, or rearranged for best fit with a Smart Layout tool. Once I’m done filtering my resources and making it look pretty, I can either instantly download it as a PNG image, or email a time-limited link to share it with a third party.
From my chat with the developer, the roadmap for the tool is ambitious and we can hope to see some of the following added in future:
- SSO Integration
- MFA Login
- Exports to CSV
- Support for more AWS services
- Different types of views (Cost Views, Resilience Views)
I also made my own feature request for the ability to annotate resources directly from the view – but the developer agreed this would need to be offered carefully as it would move from being a strictly read-only tool to one with optional updates to tags. I can however tell you how many network engineers I know that’d love to be able to tidy up their estate with proper tags from a single control panel like this!
Overall Quadzig is an impressive beta with great potential for the future. Like most good tools it was originally developed out of necessity and looks to fill a feature gap many of us will recognise. With the very reasonable pricing outlined for the final launch I’ll be snapping this up to keep an eye on my own accounts as they grow beyond my ability to comprehend within my own head!
You might be asking yourself, does AWS not have something similar already available? Sort of, in the form of a Solution called AWS Perspective. For those unfamiliar, a ‘Solution’ is not a managed service, but rather a templated set of components that customers can deploy themselves to add additional functionality into their AWS accounts. Many managed services started their life as Solutions where the overhead of the customer managing the infrastructure was steadily moved into a complete service offering.
Now, whilst Perspective does look good for visualising components, the price-indication is an eye-watering $500 a month, which is too rich for my blood. This can be tweaked of course, but Solutions do also tend to come with an extensive multi-page guide on deployment and customisation and you’ll probably need a little upskilling time.
What many are looking for is an affordable, easy-to-set-up, and simple-to-use tool that does the thing they’re looking for. Quadzig is a slam-dunk here, and I look forward to watching its progress over time.