How to show which resources are connected to (depend on) which other resources in AWS

Cybernetic

3/2/23, 11:18 PM

Is there a way to show which resources are connected to what other resources in AWS? Basically the kind of information that would allow one to understand/view the current architecture.

There are CLI tools like list-application-dependencies and describe-network-interfaces but I don't think this provides the information I'm looking for.

For example, say I have an Amazon service like SageMaker, which uses a number of other resources like EC2, S3, EBS, etc. Is there a way to fetch what SageMaker is connected to and/or depends on?

Similarly, can I find out for a given EC2 instance what services are using it?

0 + 0

amazon-web-services

aws-cli

Tim

3/3/23, 12:04 AM

Not really. Lucid Charts / Cloudockit can help but both are third party.

Cybernetic

3/3/23, 1:41 AM

If there are 3rd party vendors who are able to do it, then it can be done. They wouldn't have access to any more data than someone with admin privileges in AWS.

Tim

3/3/23, 1:53 AM

To clarify: AWS does not provide a tool that visually shows which resources are connected. Some third party vendors call AWS APIs and use the information they gain from there to create a visual representation of the resources in your account, including connectivity.

Cybernetic

3/3/23, 2:29 AM

@Tim yes that is what I am looking for. Not the visualization tool, but where in the API this information is available. Someone with full admin access should be able to call some API endpoints to gather this connectivity information; I’m assuming.

Tim

3/3/23, 5:49 AM

I think you can get limited information, about what is directly configured to talk to what, such as what EC2 instances an ALB / target group talk to. Otherwise I think it's in the realm of proprietary information. The migration tools might be your best bet, some of them do network level analysis using agents on EC2 instances. You might be better just doing this one the hard way.

Cybernetic

3/3/23, 2:03 PM

@Tim makes sense. Thanks Tim.

Tim

3/4/23, 6:58 PM

You might find this tool useful - not quite what you want but maybe useful anyway. https://github.com/darkbitio/aws-recon?ck_subscriber_id=512836140 . Prowler and Scout Suite are similar.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to show which resources are connected to (depend on) which other resources in AWS

TH: วิธีแสดงว่าทรัพยากรใดเชื่อมต่อกับ (ขึ้นอยู่กับ) ทรัพยากรอื่นใดใน AWS

RO: Cum să arătați ce resurse sunt conectate (depinde de) ce alte resurse din AWS

RU: Как показать, какие ресурсы подключены (зависят) от каких других ресурсов в AWS

VI: Cách hiển thị tài nguyên nào được kết nối với (phụ thuộc vào) tài nguyên nào khác trong AWS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.