AWS tool for extracting contextual relationships between cloud components
- How many volumes are associated with an EC2 Instance?
- Which EC2 Instances are open to the public, i.e. have an Elastic IP?
- Are all EC2 Instances covered by the right security groups within the VPC? If not, can we detect which ones are open (or closed) and which groups are unused within the VPC?
- What subnets are associated with my application deployment architecture? Do the subnets ensure segmentation and isolation to enhance security?
- How are EC2 Instances distributed across availability zones? Is the ELB configured to balance load between different zones?
- How many AMIs are in use? Is it possible to reduce redundancy?
- How has the architecture changed over time? What new components were added, and when?
EDDA, the backend powering this tool, is continuously evolving, and more feature sets are being added by the developer community. This would help us achieve more visibility into some of the cloud management protocols and also open more opportunities for security analysis and research in the cloud environment.
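Several of the questions listed above reduce to joins over instance and security-group records. The sketch below is an added example, not code from this tool or from EDDA; it assumes records shaped like the EC2 DescribeInstances and DescribeSecurityGroups responses, and the sample data and the function names `world_open` and `relate` are constructed for illustration.

```python
from collections import Counter

# Constructed sample records using EC2 Describe* field names; all IDs/addresses are made up.
INSTANCES = [
    {"InstanceId": "i-web1", "ImageId": "ami-base", "PublicIpAddress": "203.0.113.10",
     "Placement": {"AvailabilityZone": "us-east-1a"}, "SecurityGroups": [{"GroupId": "sg-web"}],
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-1"}}, {"Ebs": {"VolumeId": "vol-2"}}]},
    {"InstanceId": "i-web2", "ImageId": "ami-base", "Placement": {"AvailabilityZone": "us-east-1a"},
     "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-admin"}],
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-3"}}]},
    {"InstanceId": "i-db1", "ImageId": "ami-db", "Placement": {"AvailabilityZone": "us-east-1b"},
     "SecurityGroups": [{"GroupId": "sg-db"}],
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-4"}}]},
]
ANY = [{"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]      # ingress from anywhere
VPC = [{"IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]    # ingress from inside the VPC only
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": ANY},
    {"GroupId": "sg-admin", "IpPermissions": VPC},
    {"GroupId": "sg-db", "IpPermissions": VPC},
    {"GroupId": "sg-legacy", "IpPermissions": ANY},   # attached to nothing
]

def world_open(group):
    """True if any ingress rule admits 0.0.0.0/0 or ::/0."""
    for perm in group.get("IpPermissions", []):
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            return True
    return False

def relate(instances, groups):
    """Join instances to their volumes, security groups, zones and AMIs."""
    open_ids = {g["GroupId"] for g in groups if world_open(g)}
    sgs = {i["InstanceId"]: {s["GroupId"] for s in i.get("SecurityGroups", [])}
           for i in instances}
    attached = set().union(*sgs.values())
    # PublicIpAddress is set for an Elastic IP or an auto-assigned public address.
    public = sorted(i["InstanceId"] for i in instances if i.get("PublicIpAddress"))
    return {
        "volumes": {i["InstanceId"]: [m["Ebs"]["VolumeId"]
                    for m in i.get("BlockDeviceMappings", []) if "Ebs" in m] for i in instances},
        "public": public,
        "public_and_world_open": [i for i in public if sgs[i] & open_ids],
        "unused_groups": sorted(g["GroupId"] for g in groups if g["GroupId"] not in attached),
        "per_zone": dict(Counter(i["Placement"]["AvailabilityZone"] for i in instances)),
        "ami_usage": dict(Counter(i["ImageId"] for i in instances)),
    }
```

Calling `relate(INSTANCES, SECURITY_GROUPS)` returns one dictionary keyed by question; diffing that dictionary across snapshots taken at different times is one way to approach the change-over-time question.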