Current AWS virtual private cloud infrastructure
As an administrator, you'd like to have a high level view of every virtual private cloud (VPC) currently configured in AWS, as well as its current availability and Classless Inter-Domain Routing (CIDR) range.
Data required
AWS: Description data
Procedure
- Configure the Splunk Add-on for Amazon Web Services.
- Ensure that your deployment is ingesting AWS data through one of the following methods:
- Pulling the data from Splunk via AWS APIs. At small scale, pull via the AWS APIs will work fine.
- Pushing the data from AWS into Splunk via Lambda/Firehose to Splunk HTTP event collector. As the size and scale of either your AWS accounts or the amount of data to be collected grows, pushing data from AWS into Splunk is the easier and more scalable method.
- Run the following search. You can optimize it by specifying an index and adjusting the time range.
source="*:vpcs" sourcetype="aws:description" |dedup id sortby -_time |table account_id region id cidr_block state |sort +state
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
| Splunk Search | Explanation |
|---|---|
|
|
Search only your VPC instances and filter by description data. |
|
|
Remove duplicate instances by ID and sort the remaining results with the most recent instances first. |
|
|
Display the results in a table with columns in the order shown. |
|
|
Sort the results by state in ascending order. |
Next steps
Sample results for this search are shown in the table below. It shows the number of unique VPCs associated with the account_id, as well as the state, cidr_block, and the id of the eVPC itself. These are all fundamental attributes of a VPC.
account_id |
region |
id |
cidr_block |
state |
|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You might also be interested in other processes associated with the Managing an Amazon Web Services environment use case.