How to Visualize Your Cloud deployments - Cloudcraft

This is the second in a ‘series’ of posts highlighting tools I have found particularly useful for visualizing AWS and Azure, including:

In this post we will take a look at Cloudcraft.

Cloudcraft

Cloudcraft is an online diagraming tool that allows you to both create diagrams through a designer interface and also pull in live inventory from AWS via a secure connection. Cloudcraft is all in on AWS. In fact if you are doing a fair amount of work in AWS there is a good chance you are already familiar with Cloudcraft, but if not it is worth checking out. I liken their designer as a “Visio on Steroids” for AWS. The design below was built using the CloudCraft visual designer to illustrate a web app deployment on AWS.

cloudcraft_designer.png

Within the designer you can perform a search to highlight AWS components including a region, tag, or component name. Below we are highlighting all components in the us-east-1 region. This search could be refined for example to show all EC2 instances within the us-east-1 region tagged for production.

cloudcraft_designer_tags.png

In addition to visualizing the deployment, Cloudcraft also offers a pretty impressive budget feature. This breaks down the anticipated cost and allows you to modify the design by exploring different compute, database, storage and networking sizes broken down by cost. When making changes within the budget view your design is automatically updated to reflect the updates. You can also export your design as a PDG for PNG, as well as share via a link to others on your team.

cloudcraft_budget.png

Once deployed, Cloudcraft offers a ‘Live’ mode as part of the professional subscription which allows you to discover and import your AWS inventory into the designer view. Below is the Cloudcraft visualization of the web application deployment highlighted in several of my Terraform posts.

cloudcraft_live.png

Benefits:

  • Allows you to produce an architecture diagram without any need for deployment. After all, sometimes we just want to diagram things without actually deploying them.

  • The web interface is really spectacular. Cloudcraft in my opinion has the best looking 3D and 2D (with integration to draw.io) diagrams, which I find useful for presentations, papers and web posts.

  • Pricing Breakdown: Cloudcraft is completely free for single users to design and save an unlimited number of private diagrams. This includes designer, cost calculations, design documentation and export. The Live features are included in the Pro version along with team collaboration and support which is currently listed as $49/month. For a complete pricing/feature break down check out CloudCraft’s pricing guide.

Nice to Haves:

  • The auto-layout within the ‘Live’ import can be a little clunky and sometime hard to manage. Based on some reading, Cloudcraft recognizes this and has start to improve their auto-layout algorithms.

  • Support only for AWS, it would nice to be able to see support for other clouds (Azure, GCP, etc.)

Creating A CloudMapper Virtual Appliance using Packer

One of my favorite visualization tools for diagraming Amazon Web Services (AWS) environments is Duo CloudMapper. CloudMapper helps you understand visually what exists in your AWS accounts by running a collection against the environment and providing an interactive web page. This is extremely handy for identifying possible network misconfigurations, along with a slew of other benefits. For a full listing why I like this tool check out my post on How to Visualize Your Cloud Deployments with CloudMapper.

Despite it’s power, one of the challenges I have found is to simply get it started and working. CloudMapper is open source built upon other open source products and I have found that there are inevitably build and dependency issues that suck up my time before I can simply use the tool. For these reasons and to make things easier in general, I chose to create and deploy CloudMapper as virtual appliance.

Building the Virtual Appliance

I utilized Packer to provision my CloudMapper virtual appliance. Packer is excellent for creating machine images for multiple platforms from a single source configuration. In this case we will build out an Amazon Machine Image (AMI) with Packer, which will take care of all package installation and dependencies for the build out. You can learn more about all the Packer goodness on the HashiCorp website and Paul Kirby provides a nice overview in his Packer PluralSight course.

  1. Install Packer

  2. Download the cloudmapper.packer template from my GitHub account. (Packer templates are simply JSON files that specify the various components used to create the machine image, and where the build of the image will be saved. In our case we will be creating and deploying our virtual appliance into AWS, but Packer comes with support to build images for Amazon EC2, CloudStack, DigitalOcean, Docker, Google Compute Engine, Microsoft Azure, QEMU, VirtualBox, VMware, and more.)

  3. Specify AWS Credentials for creating our virtual appliance. There are a number of ways to accomplish this but we will use environment variables.

       $ export AWS_ACCESS_KEY_ID="awsaccesskey" 
       $ export AWS_SECRET_ACCESS_KEY="awsecretkey"
  4. Build the image.

    $ packer build -var aws_region="us-west-2" -var ami_id="ami-6cd6f714" -var python_version="3.5.6" cloudmapper.packer
        # aws_region is where the image will be stored.
        # ami_id is the base Amazon Linux image in the region.
        # python version of your choice.

    There are currently some issues with CloudMapper and Python 3.7, so I am using the recommend version of 3.5.6

  5. The build process will take ~10-15 minutes as it needs to compile and pull down all of the components. Once it is complete, Packer will notify of your unique AMI that can now be used for deployment.

packami.png

Deploying the Virtual Appliance

Now that the image for our virtual appliance is available in AWS, let deploy it and run CloudMapper. My preferred way to deploy would be using Terraform but for purposes of this post we will step through the manual steps.

  • Launch an instance using the newly created CloudMapper image. You can accept the defaults providing your instance a public IP with SSH access.

myami.png

Configure CloudMapper by logging in via SSH and performing the final initialization steps. (While these could be automated and built into the image, I get sensitive about saving AWS credentials anywhere even if my image is private. I prefer to specify them when needed.)

  • $ aws configure

    You can specify a full access account to run CloudMapper but I like least privilege so have setup a “Visualization” IAM user with the privileges specified in the CloudMapper readme.

cloudmapperiam.png
myIAMAccount.png
  • Configure CloudMapper’s account information in the config.json file to match aws credentials:

    $ cd ~/cloudmapper
    $ pipenv run python3 cloudmapper.py configure add-account --config-file config.json --name AWS_USERNAME --id AWS_ACCESS_KEY_ID
       #AWS_USERNAME is “friendly name” tied to IAM account   
       #AWS_ACCESS_KEY_ID is the AWS Access Key ID specified in aws configure.

  • Run CloudMapper’s collection against the environment. The collection phase can take some time, as it is truly pulling all the metadata information for your entire AWS account across all components and regions.

    $ pipenv run python3 cloudmapper.py collect --account AWS_USERNAME
  • Prepare the results and launch the webserver to display them.

    $ pipenv run python3 cloudmapper.py prepare --config config.json --account AWS_USERNAME
    $ pipenv run python3 cloudmapper.py webserver --public

  • Create and attach a security group to the instance to make the site publicly available.

securitygroupcloudmapperweb.png
securitygroupcloudmapperwebassign.png
  • Browse to public DNS address of your virtual appliance on port 8000

Please note that these steps show running this instance with a publicly available website. You can certainly deploy this to a private subnet and access through a bastion server, etc which is recommended. It would also make sense to put this site behind a login which I have noted as an opportunity for further improvement. Be sure to stop this instance when you are done using it.

devstagingprod_cloudmapper.png

Further Improvements

Having a readily available virtual appliance that just works is perfect, but there are some further improvements that I think would be handy:

  • Create a docker image of CloudMapper that can be run as a container. (There are some folks who have built this)

  • Save the collection data to an external volume so that it doesn’t live in the running appliance.

  • Create the virtual appliance that can be deployed within other Packer supported platforms, namely vSphere and Azure.

  • Lock down the website behind a username and password.

How to Visualize Your Cloud deployments - CloudMapper

As you are aware, I am a big fan of visualizations.  In fact one of my most popular set of posts centers on using RVTools to collect and visualize a VMware environment.  As much of my focus is now centered on cloud deployments I wanted to highlight some of the tools I have found particularly useful for visualizing AWS and Azure.  These are:

  1. CloudMapper

  2. CloudCraft

  3. Hava

CloudMapper

CloudMapper is a tool from Duo Security for visualizing Amazon Web Services (AWS) cloud environments.  It was build out of a need to help people perform their jobs easier by providing simple and interactive visualizations of their AWS account.  CloudMapper runs a collection process against your AWS account to prepare and build an interactive visualization for each component along with their connections. Some have called it Google Maps for your AWS account, and to put it simply CloudMapper shows how your AWS environment actually looks.

To see the level of interaction check out their online demo of a deployed application in the us-east-1 region. Below is the CloudMapper visualization of the web applicatoin deployment highlighted in several of my Terraform posts.

cloudmapper.png

CloudMapper was built by Scott Piper in conjunction with Duo Security and luckily for us, they have open sourced their work and continue to  maintain it.  Of the three tools mentioned, it definetly provides the most robust view in terms of connectivity and security for visualinzing an AWS environment.  To get started using CloudMapper check out the product page as well as the installation and setup details on GitHub.

Benefits:

  • Especially good for seeing how resources are connected, and visualizing your AWS environment.

  • Interactive web diagram is extremely handy for understanding and validating your deployment.

  • I have found CloudMapper to be the most thorough tool of the three highlighted

  • Free / Open Source

Nice to Haves:

  • Setup is several steps and more involved compared to the other tools. I did run into a number of compatibility issues with some of the backend Python packages - which reminded me that yes, it is open source.

  • Collection phase can take some time, as it is truly pulling all the metadata information for your entire AWS account across all components and regions.

  • Would be nice to have this exported in different formats - currently supports PNG and JSON only. Visio and PDF are some of other formats similar tools support.

  • Support only for AWS, it would nice to be able to see support for other clouds (Azure, GCP, etc.)