Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
You can easily customize the network configuration for your Amazon Virtual Private Cloud. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.
CloudCheckr provides various reports for keeping track of your VPC usage:
- List of VPCs
- Traffic Analysis
- Common Searches
- Customer Gateways
- Internet Gateways
- NAT Gateways
- Network ACLs
- Peering Connections
- Route Tables
- VPN Connections
- Virtual Private Gateways
To review the VPC features, from the left navigation pane, select Security > Secure Configuration > VPC.
The VPC Summary report provides a high-level overview of all of the VPC traffic associated with your account. This page has a summary table and various detail tables on your VPCs.
The VPC Summary table contains the following information:
- VPCs – The total number of VPCs associated with your account.
- Subnets – The total number of subnets associated with your AWS account.
- Customer Gateways – The total number of customer gateways associated with your account. Customer Gateways connect your corporate network to a VPC using a VPN.
- Internet Gateways – The total number of Internet Gateways associated with your AWS account. Internet Gateways connect your VPC to the public Internet.
- Publicly Accessible Subnets – The total number of publicly accessible subnets associated with your account.
- Private Subnets – The total number of private subnets associated with your account.
- DHCP Option Sets – The total number of DHCP Option Sets associated with your AWS account.
VPCs By Region
The VPCs by Region chart shows you the total number of VPCs associated with the regions listed. This report has the following parameters:
- Region: The region where the subnet is located
- VPC: The number of VPCs located in that region
List of VPCs
The list of VPCs report provides a filter so you can search the entire inventory of VPCs associated with your AWS account.
The filter option allows you to filter by Region and VPC ID. The results include:
- VPC ID
- Instance Tenancy
- DHCP Option Set
This report also includes valuable CIDR Information:
- Number of hosts in this CIDR range
- Usable IPs
- Wildcard bits
It also includes the following information:
- Internet Gateways
- Route Tables
- Network ACLs
- Available resources in the VPC
- Subnets in the VPC
The traffic analysis report provides details on the gateways that permit traffic to move through to your VPC. Traffic to a VPC flows from an Internet Gateway or Virtual Private Gateway.
As it enters the VPC, it passes through a Routing Table and is filtered by a Network ACL before entering a subnet. Once inside the subnet, the traffic is verified by VPC Security Groups before reaching a resource (such as an EC2 instance).
CloudCheckr also provides information on the route tables and subnets associated with your VPCs.
The Traffic Analysis Report allows you to filter by region and VPC ID.
This report helps you build a common search.
- Select an option.
- Type any parameters if applicable.
- Click Search. The List of Network ACLs report, with all the appropriate filters, will open.
- From the List of Network ACLs report, modify your search.
CloudCheckr takes the information on your subnets and divides it into two reports:
- Summary – A summary of the subnets associated with your AWS account. This includes charts with your subnets by region as well as your subnets by VPC.
- List of Subnets – This is a filterable detail report of subnets associated with your AWS account. You have the ability to filter by availability zone, region, state, subnet ID, tag, and VPC.
CloudCheckr takes the information on your Network ACLs and divides it into two separate reports:
- Summary – The ACL summary report is a high-level summary of all the ACL activity associated with your AWS account. It includes the number of network ACL outbound rules and inbound rules, as well as a chart for network ACLs by region and network ACLs by VPC.
- List of ACLs – The list of ACLs report gives you filterable information on every ACL associated with your AWS account. You can filter this information by a variety of different parameters including protocol list, region, VPC, and more.