Capturing historical cloud changes for Security and Compliance
For industries that are subject to regulatory standards, having a comprehensive audit trail of changes can be essential for compliance. It provides evidence of what changed and when. This can be particularly useful come audit time, when the auditors are only interested in material changes since the last audit.
From an operational perspective, by tracking changes, cloud engineers can quickly identify and respond to unauthorized or unexpected changes which could indicate a security breach or non-compliant activity.
Capturing Historical Cloud Changes for Operational Stability
Unplanned or untested changes can lead to service outages. By tracking cloud architecture changes, engineers can quickly identify which modifications may have led to an issue and roll back the changes. When you have a snapshot of previously stable cloud architecture to compare, this task becomes a lot easier.
Changes in cloud architecture have the capacity to affect the performance of applications and services. Monitoring changes and having the ability to compare architecture between two versions or points in time can help correlate changes with new performance issues.
Analyzing Cloud Architecture Changes for Cost Management
Tracking cloud resource changes can help with identifying unused or underutilized resources. Should new resources be introduced that are intended to replace existing ones, you may be left with unused or incorrectly sized resources that can be tuned or terminated. By monitoring the cloud resource changes as they happen, you can jump on these cost saving opportunities straight away.
Budgeting and forecasting also become more accurate when you are fully aware of the changes happening in your cloud architecture. Seeing how your architecture evolves, you can better predict future costs and budget accordingly.
Monitoring Cloud Architecture Changes for Change Management
Version control is everything when your environments are managed using infrastructure as code. Tracking changes allows engineers to ensure infrastructure can be deployed, rolled back or replicated and that all the resource changes are included.
In organisations with multiple teams and engineers, tracking and monitoring changes ensures everyone is aware of the changes being deployed by their peers, reducing the chances of conflicts or overlapping work.
Capture Historical Cloud Changes for Continuous Improvement
CI/CD is rapidly being adopted as a product development methodology to ensure continuous improvements reach application users as quickly as possible. By monitoring the effects of changes and being able to track them back to historical architecture changes, engineers can learn from both successful and unsuccessful modifications, leading to better decision making in the future.
Having a record of your architecture changes serves as important documentation, both to help onboard new engineers and to provide historical context for architectural decisions.
How to capture historical cloud changes using Hava
There are many third-party products (e.g. Hava) which can take care of the above requirements.
When you connect a cloud account with one of these third-party products, the application will scan the cloud configuration and automatically generate interactive diagrams for each VPC or virtual network discovered.
The product will continuously scan your connected cloud accounts and when changes are detected, a new interactive diagram set is generated and the previous version is moved into version history.
Any new VPCs discovered will generate a new diagram set and as the resources in the VPC change over time, the versioning for that VPC will start to build.
Now you are in a position to leverage this power in two ways.
1 — Architectural Monitoring Alerts
For any cloud account (data source) you can set up alerts to be emailed to people you specify when changes are detected.
This means your product owner, project manager, lead engineer, security team or whomever will get notified when architecture changes. Different people can be notified for different environments so they only get the alerts that matter to them.
2 — Cloud Version Comparisons
The major use case for capturing historical AWS, Azure or GCP cloud changes is for version comparison purposes. The ability to easily identify changes visually is where these products excel.
These products retain superseded diagram versions. These are fully operational interactive diagrams that you can pull up, inspect and click around to view the historical configurations and metadata state at the time the diagram version was captured.
Using the revision comparison tool built into a versioning feature, you can simply select any two diagrams to generate a diff diagram showing the changes between the two diagrams.
This could be the current live diagram vs a previous version, or you could select two previous version diagrams to highlight the changes between those two points in time.
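The comparison described above can be illustrated with a snapshot diff. This is an added example, not code from Hava or any other product; the snapshot format, resource ids and attribute names are constructed for illustration.

```python
import json

# Constructed sample snapshots: resource id -> attributes captured at scan time.
SNAPSHOT_V1 = {
    "sg-web": {"type": "security_group", "ingress": ["443/tcp from 0.0.0.0/0"]},
    "i-app1": {"type": "instance", "size": "t3.medium", "subnet": "private-a"},
    "db-main": {"type": "database", "publicly_accessible": False, "encrypted": True},
}
SNAPSHOT_V2 = {
    "sg-web": {"type": "security_group",
               "ingress": ["443/tcp from 0.0.0.0/0", "22/tcp from 0.0.0.0/0"]},
    "db-main": {"type": "database", "publicly_accessible": True, "encrypted": True},
    "i-app2": {"type": "instance", "size": "t3.large", "subnet": "private-a"},
}

def diff_snapshots(old, new):
    """Return added, removed and modified resources between two snapshots."""
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    modified = {}
    for rid in sorted(old.keys() & new.keys()):
        changes = {}
        # Compare every attribute seen in either version of the resource.
        for attr in sorted(old[rid].keys() | new[rid].keys()):
            before, after = old[rid].get(attr), new[rid].get(attr)
            if before != after:
                changes[attr] = {"before": before, "after": after}
        if changes:
            modified[rid] = changes
    return {"added": added, "removed": removed, "modified": modified}

def changes_for(diff, old, new, resource_types):
    """Ids touched by the diff whose type is in resource_types (for routing alerts)."""
    touched = diff["added"] + diff["removed"] + list(diff["modified"])
    merged = {**old, **new}  # lets us look up the type of removed resources too
    return sorted(r for r in touched if merged[r]["type"] in resource_types)

if __name__ == "__main__":
    diff = diff_snapshots(SNAPSHOT_V1, SNAPSHOT_V2)
    print(json.dumps(diff, indent=2))
    # Hypothetical routing rule: the security team only sees these resource types.
    print(changes_for(diff, SNAPSHOT_V1, SNAPSHOT_V2, {"security_group", "database"}))
```

The attribute-level before/after pairs are what make a diff reviewable: here they surface a newly opened ingress rule and a database that became publicly accessible between the two versions.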
In summary, tracking changes in cloud architecture needs to provide visibility, control and insights that are crucial for maintaining security, performance, stability and efficiency in your cloud environments.