
[SPIKE] Visualise network traffic flows

Open dms1981 opened this issue 2 years ago • 4 comments

User Story

As a Modernisation Platform customer
I want to visualise my traffic flows through a centralised dashboard
So that I can understand how my resources are consuming network bandwidth

User Type(s)

  • Modernisation Platform Customer
  • Modernisation Platform Engineer

Value

On a recent call around the CCMS-EBS migration, questions were raised around how instances were consuming bandwidth. We log network traffic through AWS VPC Flow Logs but do not have an easy way of interrogating them to retrieve aggregated figures; our use case has historically been to confirm if flows have been successful, or if they have been blocked by security groups.

It is possible to review these flow logs to give us information on bandwidth consumed by an instance in a certain time window, or even to show us how much bandwidth is in use to or from certain endpoints. AWS have an example architecture published here which could be adapted by us into Terraform, or another option that uses AWS OpenSearch.

This would then allow us, or potentially our customers, to review flow log information in a more granular fashion than a simple CloudWatch metric like NetworkIn or NetworkOut.

Is this a useful starting point - https://g-9d213fbc19.grafana-workspace.eu-west-2.amazonaws.com/d/JQYqhgXSk/core-vpc?orgId=1&from=1723705276457&to=1723726876458

Questions / Assumptions / Hypothesis

Hypothesis

If we give our customers the ability to view flow log information
Then they will be able to resolve issues with less MP Engineer involvement

Definition of done

  • [ ] Potential solutions investigated
  • [ ] Discuss options with team
  • [ ] New issue for implementation raised
  • [ ] If time allows, POC implemented

Reference

How to write good user stories

https://aws.amazon.com/blogs/big-data/analyze-and-visualize-your-vpc-network-traffic-using-amazon-kinesis-and-amazon-athena/

https://aws.amazon.com/blogs/big-data/stream-vpc-flow-logs-to-amazon-opensearch-service-via-amazon-kinesis-data-firehose/

dms1981, Feb 14 '23 09:02
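
The aggregation the issue describes (bytes per network interface in a time window, and bytes between particular endpoints), as an added example that is not part of the original issue or the Modernisation Platform code. It assumes flow logs in the default version 2 format; the sample records, function names and window values are constructed for illustration.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (not real traffic); the last one is a NODATA record.
SAMPLE = """\
2 123456789012 eni-0aaa 10.0.1.10 10.0.2.20 49152 1521 6 120 900000 1676365200 1676365260 ACCEPT OK
2 123456789012 eni-0aaa 10.0.2.20 10.0.1.10 1521 49152 6 100 150000 1676365200 1676365260 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.10 198.51.100.7 49153 443 6 10 4000 1676365260 1676365320 ACCEPT OK
2 123456789012 eni-0aaa 203.0.113.9 10.0.1.10 40000 22 6 3 180 1676365260 1676365320 REJECT OK
2 123456789012 eni-0bbb 10.0.1.11 10.0.2.20 49200 1521 6 50 60000 1676365900 1676365960 ACCEPT OK
2 123456789012 eni-0ccc - - - - - - - 1676365200 1676365260 - NODATA
"""

def parse(line):
    """Return one record as a dict, or None for NODATA/SKIPDATA/malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for key in ("packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
    except ValueError:
        return None
    return rec

def bytes_by_flow(text, window_start, window_end, accepted_only=True):
    """Sum bytes per (interface, srcaddr, dstaddr) for records starting in the window."""
    totals = defaultdict(int)
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or not (window_start <= rec["start"] < window_end):
            continue
        if accepted_only and rec["action"] != "ACCEPT":
            continue  # REJECT records show blocked flows, not delivered traffic
        totals[(rec["interface_id"], rec["srcaddr"], rec["dstaddr"])] += rec["bytes"]
    return dict(totals)

def bytes_by_interface(text, window_start, window_end):
    """Roll the per-flow totals up to one accepted-bytes figure per interface."""
    totals = defaultdict(int)
    for (eni, _src, _dst), count in bytes_by_flow(text, window_start, window_end).items():
        totals[eni] += count
    return dict(totals)

if __name__ == "__main__":
    print(bytes_by_interface(SAMPLE, 1676365200, 1676365800))
```

Passing `accepted_only=False` to `bytes_by_flow` keeps the REJECT records, which covers the existing use of the logs to confirm whether a flow was blocked by a security group.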

This issue is stale because it has been open 90 days with no activity.

github-actions[bot], May 16 '23 01:05

would be good but a lower priority

SimonPPledger, Jul 06 '23 14:07

This issue is stale because it has been open 90 days with no activity.

github-actions[bot], Oct 24 '23 01:10