Cloud monitoring for cost and security is built to help you with ongoing costs and security issues monitoring. We also allow you to track potential misconfigurations and suggest improvements for high availability (HA), performance, and operational efficiencies.

Multiple teams will work on different network parts in a highly dynamic, large, and complex environment. Team members will have different levels of understanding of cloud concepts and aspects like cost, security, HA, performance, etc. There could be multiple Infrastructure-as-Code deployments happening daily. All terraform scripts, Code Formation scripts, etc., could run in various environments. How do we know if a change resulted in a critical production issue?

To help you achieve this goal, we have implemented a layered architecture to provide you with rich data models that are easy to consume and understand.

Cloud configuration analysis layers

Our entire analysis pipeline runs multiple processing layers starting with your cloud control plane configuration (raw data). We also refer to them as “findings” layers. Every iteration of processing enriches the current processing layer’s information using full cloud context from the enhanced and raw data layers below. The findings layers are the top 5 layers (costs, potential savings, security, configuration, and recommendations). They are independent of each other.

Cloud Findings Layers


Cloud Findings Layers

  1. Raw control plane data – What we pull from your cloud account configuration.
  2. Highly enriched data layer – We process the raw control plane data to create a rich contextual model. You can read more about Deep Cloud Visibility and Better Cloud Management
  3. Costs layer – Breakdown of costs scoped by components like VPC, Subnets, etc.
  4. Potential savings layer – wasted cloud resources like unused EC2 instances, idle load balancers, unused RDS clusters, etc.
  5. Security issues layer – Cloud Security Posture Management (CSPM) issues detected with your account.
  6. Configuration issues layer – Issues that aren’t directly leading to security or compliance issues but indicate mistakes with your intended configuration.
  7. Recommendations layer – Additional recommendations can help with cloud account clean-up and operational improvements.

Cloud configuration findings with an enriched data model

We overlay the cloud configuration findings on top of the data model displayed on the GUI. So, you get a complete picture if you are looking at any component. The enriched data model helps you understand where exactly the issue is. You don’t need to spend time correlating reports generated by other vendors for your cloud infrastructure data.

Further, the enriched data model helps in making sense of findings that are complicated to understand.


Cloud configuration findings layers overlay on enriched data

APIs to fetch cloud Issues reports

If you want to hook up automation and monitoring to your account, you can do it using our APIs. You can generate the findings report at any level. E.g., you can create the report at a VPC, subnet, etc. level.

Cloud issues with reduced noise

The findings layer processing happens with a complete cloud infrastructure map built by the data enrichment layer (#2). Therefore, the findings layers can make a better decision on

  1. Is this an issue – for, e.g., an unattached or unreferenced security group allowing all from isn’t a concern. Though, it could be classified as a recommendation to delete the security group.
  2. What is the severity level – for, e.g., a private instance that allows all ingress from isn’t classified with a high severity level of security issue.

Track changes to the cloud environment syncs all your connected cloud accounts’ configurations (raw data) using AWS APIs at regular intervals. Altconsole generates all the layers of cloud configuration findings using this raw data at a specific time. We call these cloud snapshots. You can go back in history and look at the state of your cloud infrastructure at any point in time.

Further, you can do a diff between any two snapshots of your cloud infrastructure and monitor for changes.

Cloud Diff


Cloud Diff between two time-snapshots

In the future, will provide you with APIs and a way to download the configuration findings layers diffs.

Comments are closed.