Amazon VPC
Least Privileged User
Navigate to the AWS console and create an IAM user with programmatic access. The user will need the following permissions. You can create a policy specifically for these permissions and apply the permissions to the user.
For more information, see: High Level AWS Source Configuration
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcs",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeNatGateways",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcClassicLink",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": "*"
}
]
}
Connection Parameters
| Name | Required? | Description |
|---|---|---|
| Region | ||
| Access Key ID | Required | |
| Secret Access Key | Required | |
| Additional Threads | The number of additional threads allowed to be utilized during collection. | |
| Request Timeout (seconds) | The number of seconds to allow for the API to return a response. | |
| Collect CloudWatch Metrics | ||
| CloudWatch Historic Mode | If enabled, retrieves a history of data points from CloudWatch. Otherwise, collects only the most recent data point for each metric. |
Metrics
NAT Gateway
| Name | Description |
|---|---|
| Active Connection Count (Connections) | The total number of concurrent active TCP connections through the NAT gateway. |
| Connection Attempt Count (Connections) | The number of connection attempts made through the NAT gateway. |
| Connection Established Count (Connections) | The number of connections established through the NAT gateway. |
| Creation Time | The date and time the NAT gateway was created |
| Data In From Destination (Bytes) | The number of bytes received by the NAT gateway from the destination. |
| Data In From Source (Bytes) | The number of bytes received by the NAT gateway from clients in your VPC. |
| Data Out To Destination (Bytes) | The number of bytes sent out through the NAT gateway to the destination. |
| Data Out To Source (Bytes) | The number of bytes sent through the NAT gateway to the clients in your VPC. |
| Error Port Allocation (Errors) | The number of times the NAT gateway could not allocate a source port. |
| ID | The ID given to the NAT gateway. |
| Idle Timeout Count | The number of connections that transitioned from the active state to the idle state. An active connection transitions to idle if it was not closed gracefully and there was no activity for the last 350 seconds. |
| Packets Drop Count (Packets) | The number of packets dropped by the NAT gateway. |
| Packets In From Destination (Packets) | The number of packets received by the NAT gateway from the destination. |
| Packets In From Source (Packets) | The number of packets received by the NAT gateway from clients in your VPC. |
| Packets Out To Destination (Packets) | The number of packets sent out through the NAT gateway to the destination. |
| Packets Out To Source (Packets) | The number of bytes sent through the NAT gateway to the clients in your VPC. |
| Region | The AWS Region this object belongs to. |
| State | The state of the NAT gateway |
| Subnet ID | The ID of the subnet in which the NAT gateway is located |
| Tags | The tags attached to this object. |
| VPC ID | The ID of the VPC in which the NAT gateway is located |
Peering Connection
| Name | Description |
|---|---|
| Accepter VPC | The ID of the Accepting VPC |
| Accepter VPC Owner | The Owner of the Accepting VPC |
| Allow DNS Resolution from Remote VPC | Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC |
| Allow Egress from Local Classic Link to Remote VPC | Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection |
| Allow Egress from Local VPC to Remote Classic Link | Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection |
| Expiration Time | The time that an unaccepted VPC peering connection will expire |
| ID | The ID of the VPC peering connection |
| Peering Connection Status | The status of the VPC peering connection |
| Region | The AWS Region this object belongs to. |
| Requester VPC | The ID of the Requesting VPC |
| Requester VPC Owner | The Owner of the Requesting VPC |
| Tags | The tags attached to this object. |
Subnet
| Name | Description |
|---|---|
| Assign IPv6 Address on Creation | Indicates whether a network interface created in this subnet receives an IPv6 address |
| Availability Zone | The Availability Zone of the subnet |
| Available IP Count | The number of unused private IPv4 addresses in the subnet |
| CIDR Block | The IPv4 CIDR block assigned to the subnet |
| Default for Availability Zone | Indicates whether this is the default subnet for the Availability Zone |
| ID | The ID of the subnet |
| Map Public IP on Launch | Indicates whether instances launched in this subnet receive a public IPv4 address |
| Region | The AWS Region this object belongs to. |
| State | The current state of the subnet |
| Tags | The tags attached to this object. |
| VPC ID | The ID of the VPC the subnet is in |
Tunnel
| Name | Description |
|---|---|
| Data In (Bytes) | The data received through the VPN tunnel. |
| Data Out (Bytes) | The data sent through the VPN tunnel. |
| IP Address | The IP address of the tunnel for the virtual private gateway. |
| Region | The AWS Region this object belongs to. |
| State | The state of the tunnel. 0 indicates DOWN and 1 indicates UP. |
VPC
| Name | Description |
|---|---|
| DHCP Options | The ID of the set of DHCP options associated with the VPC |
| ID | ID of the VPC. |
| Instance Tenancy | The allowed tenancy of instances launched into the VPC |
| is Default | Indicates whether the VPC is the default VPC |
| Primary CIDR Block | The primary IPv4 CIDR block for the VPC |
| Region | The AWS Region this object belongs to. |
| State | The current state of the VPC |
| Tags | The tags attached to this object. |
VPN
| Name | Description |
|---|---|
| Dimension VPN ID | The identifier for the VPN connection. |
| Region | The AWS Region this object belongs to. |
| Tags | The tags attached to this object. |
| Tunnel Data In (Bytes) | The data received through the VPN's tunnels. |
| Tunnel Data Out (Bytes) | The data sent through the VPN's tunnels. |
| Tunnel State | The state of the VPN's tunnels. 0 indicates DOWN and 1 indicates UP. |
Updated over 4 years ago