The following sections illustrate VPC network data that Cloud Discovery & Visibility (CDV) imports into Address Manager from Amazon Web Services (AWS).
VPC name changes
As of CDV v24.1, if users change the name of a VPC in the AWS infrastructure, CDV does the following:
Overlapping BAM Configuration: If users change the name of an overlapping network, CDV will update the corresponding Configuration name in BAM (if one exists).
Blocks in BAM IP Space: Names of affected blocks in the BAM IP space now reflect their current status in the AWS infrastructure.
These updates occur during both Scheduled Discovery and Visibility Management jobs. Name changes found during Scheduled Discovery jobs are applied only after CDV receives a rerun command. Name changes found during Visibility Management jobs are applied only after CDV receives a message that indicates the name-changing action.
Elastic Network Interfaces (ENI)
If Elastic Network Interfaces is selected in AWS Discovery options, CDV will import ENIs into BAM as devices. These devices will have a Device Subtype of Generic Device and an Instance Type based on the Interface Type of the ENI in BAM.
If ENIs are used with virtual machines, load balancers, private endpoints, or Elastic Kubernetes Services (EKS), ENIs belonging to that device (or to the EC2 device for virtual machines) will be managed by that device.
Example: No overlapping address spaces
In the following example, two Private VPC networks exist on Amazon Web Services (AWS).
When CDV imports this data into Address Manager, it first creates a configuration based on the Virtual Private Clouds (VPCs) within AWS. Within this configuration, CDV adds the block under the IPv4 or IPv6 tabs, within the IP Space tab.
The following example illustrates data in the IPv4 tab:
If (within the AWS Discovery Options settings) you specified that CDV import AWS Public IP Ranges, CDV automatically imports data from any additional public AWS VPCs that have been assigned to virtual machines or load balancers.
The following example illustrates private VPC data imported to the IPv6 tab:
Similarly, if (in the AWS Discovery Options settings) you tell CDV to import the AWS Public IP Ranges, CDV imports any additional public VPCs that have been assigned to virtual machines or load balancers into Address Manager as IPv6 blocks:
Overlapping address spaces
When AWS VPCs are configured with overlapping address spaces, CDV creates new configurations to account for the overlapping ranges. Depending on the AWS Route 53 configurations in AWS, CDV might also create an additional Route 53 configuration. If users change the name of an overlapping network in the AWS infrastructure, CDV will update the configuration name in Address Manager.
For example, here two private VPCs exist on AWS as the networks vpc-1 and vpc-2. They have overlapping address space in the range of 10.0.0.0/16 to 10.0.0.0/18.
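The overlap between vpc-1 and vpc-2 can be checked ahead of a discovery run. The following is an added example, not part of CDV or of the original documentation: it flags overlapping VPC CIDRs and shows one possible split into non-overlapping address spaces. vpc-3, its CIDRs, and the function names are hypothetical, and the greedy grouping is an illustration, not CDV's placement logic.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: vpc-1 and vpc-2 use the ranges from the text;
# vpc-3 and its CIDRs are hypothetical, added to show a non-overlapping VPC.
SAMPLE_VPCS = {
    "vpc-1": ["10.0.0.0/16"],
    "vpc-2": ["10.0.0.0/18"],
    "vpc-3": ["172.31.0.0/16", "2001:db8:1::/56"],
}


def _parse(vpcs):
    """Parse every CIDR; a malformed or host-bit-set CIDR raises ValueError."""
    return {name: [ipaddress.ip_network(c) for c in cidrs]
            for name, cidrs in vpcs.items()}


def _clash(nets_a, nets_b):
    """True if any same-family pair of networks shares addresses."""
    return any(a.version == b.version and a.overlaps(b)
               for a in nets_a for b in nets_b)


def find_overlaps(vpcs):
    """Return sorted (vpc_a, cidr_a, vpc_b, cidr_b) for each overlapping pair."""
    parsed = _parse(vpcs)
    hits = []
    for (na, nets_a), (nb, nets_b) in combinations(parsed.items(), 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    hits.append((na, str(a), nb, str(b)))
    return sorted(hits)


def partition(vpcs):
    """Greedily place each VPC in the first group where it overlaps no member.

    Assumption for illustration only: each group stands for one address
    space in which every range is unique.
    """
    parsed = _parse(vpcs)
    groups = []
    for name, nets in parsed.items():
        for group in groups:
            if not any(_clash(parsed[m], nets) for m in group):
                group.append(name)
                break
        else:
            groups.append([name])
    return groups
```
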
When this data is imported into Address Manager, CDV creates two new configurations to account for the overlapping address space: