Inventory Details

When you click on a resource in the Inventory page, the details for that inventory item open. Details include a summary comprising properties of the inventory item, such as general properties, which are also shown in the inventory table's default columns. Other details include additional properties that are not part of the general properties. These include IP addresses, K8s versions in the case of an ECS, auto scaling definitions in the case of autoscaling groups, and so forth. The Illumio labels applied and the cloud tags on the resource are also shown in the summary of the inventory details. All of these together give you a clear understanding of your inventory.

Every resource may have additional details tabs depending on the type of resource. These include:

  • Attached resources: All the resource types in relation to the resource that is currently viewed

  • Traffic: Shown if the resource has traffic activity

  • Resource Graph: Each resource has a graph that shows the resource and its related resources in a graphical structure. (This feature is in preview and is subject to the limitations listed toward the end of this topic.)

For information about the Inventory page itself, see Inventory.

This page describes some types of details that may benefit from further description.

VPC/VNet Peering Details

VPC and VNet peering connection details are provided in the Details pages of VPC and VNet resources in the inventory list.

VPC/VNet Peering Guidelines
  • You can click on any of the peered VPCs or VNets to see further details

  • The requester/acceptor is defined by the peering connection, so the current VPC or VNet can either be a requester or an acceptor

  • VPCs and VNets can be peered across accounts. For example, you could have two VPCs, with one VPC in each of two accounts, but only one peering relationship. To see the full details, you must have both accounts onboarded. For cross-account VPC/VNet connections, if you do not have both accounts onboarded, you will still see the peering connection, but the details of the non-onboarded peer (attached resource) will display only its CSP ID rather than a link to an inventory resource.

  • Cross-account peering connections for AWS VPCs share the same CSP ID, but cross-account peering connections for Azure VNets have a different CSP ID for each VNet, because Azure CSP IDs include account information within the ID
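As an added illustration that is not Illumio's own code, the following Python models the link-versus-CSP-ID behaviour described in the guidelines above for both AWS and Azure peers. The record shapes, the inventory link format, and treating the VNet a peering is defined on as the requester are assumptions of this model.

```python
"""Illustrative model, not Illumio's code, of the cross-account peering rules
above: a peer links to an inventory resource only when its account is onboarded;
otherwise only its CSP ID is shown. All IDs and records here are constructed."""
import re
from dataclasses import dataclass

# Azure resource IDs embed the subscription (account), so a VNet ID alone tells
# which account the peer belongs to. AWS VPC IDs do not; the owner account comes
# from the peering record, which both VPCs share under one peering CSP ID.
_AZ_SUB = re.compile(r"^/subscriptions/([^/]+)/", re.IGNORECASE)

@dataclass(frozen=True)
class Peer:
    role: str      # "requester" or "acceptor"
    account: str   # AWS account ID or Azure subscription ID
    csp_id: str    # AWS VPC ID or full Azure VNet resource ID

def aws_peers(pcx: dict) -> list:
    """Both peers of an AWS peering record (describe-vpc-peering-connections shape)."""
    req, acc = pcx["RequesterVpcInfo"], pcx["AccepterVpcInfo"]
    return [Peer("requester", req["OwnerId"], req["VpcId"]),
            Peer("acceptor", acc["OwnerId"], acc["VpcId"])]

def azure_peers(local_vnet_id: str, remote_vnet_id: str) -> list:
    """Both peers from Azure VNet resource IDs. Treating the VNet the peering is
    defined on as the requester is a modelling assumption."""
    def subscription(rid: str) -> str:
        m = _AZ_SUB.match(rid)
        if not m:
            raise ValueError(f"not an Azure resource ID: {rid}")
        return m.group(1)
    return [Peer("requester", subscription(local_vnet_id), local_vnet_id),
            Peer("acceptor", subscription(remote_vnet_id), remote_vnet_id)]

def role_of(current_csp_id: str, peers: list) -> str:
    """The VPC/VNet being viewed can be on either side of the peering."""
    return next(p.role for p in peers if p.csp_id == current_csp_id)

def resolve_peers(peers: list, onboarded: set) -> dict:
    """Map each peer's CSP ID to an inventory link, or to the bare CSP ID when
    the owning account is not onboarded."""
    return {p.csp_id: f"/inventory/{p.csp_id}" if p.account in onboarded else p.csp_id
            for p in peers}

# Constructed sample: two AWS accounts, only the requester's account onboarded.
SAMPLE_PCX = {"RequesterVpcInfo": {"OwnerId": "111111111111", "VpcId": "vpc-0aaa"},
              "AccepterVpcInfo": {"OwnerId": "222222222222", "VpcId": "vpc-0bbb"}}
ONBOARDED = {"111111111111"}
```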

Security Control Resource Details

Inbound and outbound rules are shown for security control resources, including:

  • AWS Security Groups

  • Azure Network Security Groups

  • AWS Network ACLs

On the Details page of any security control resource, you will see two additional tabs: Inbound Rules and Outbound Rules.

  • Inbound rules: These control the incoming traffic that’s allowed to reach the instances associated with the security group

  • Outbound rules: These control the outgoing traffic from your instances

Each rule lists information such as the source or destination, port or port range, and protocol.

Note

Although AWS security group rules and Azure network security rules are visible on the Details page for AWS security groups and Azure network security groups, Azure network security group rules created before July 2021 will not appear in the Details page. This is because Illumio Cloud does not ingest rules created without resource IDs. If any of your rules do not appear because of this, recreating the rule will allow it to display.

Route Table Resource Details

The Details page for AWS route tables includes a Routes tab with the following information:

  • Destination: This is the IP address or CIDR block that a route specifies

  • Origin: This describes how the route was created, whether automatically, manually, or by route propagation

  • State: This is the state of the route

  • Target ID: This is the ID of the gateway, network interface, or connection that will receive the destination traffic

The Details page for Azure route tables includes a Routes tab with the following information:

  • Address Prefix: This represents a range of IP addresses (in CIDR notation) to which this route applies

  • Next Hop IP Address: This is the specific IP address of the device (like a virtual network gateway or a network virtual appliance) that will receive the traffic for further routing

  • Next Hop Type: This specifies where traffic should be directed based on a route

  • Route Name: This is a user-defined label for easy identification of the route within the table

Details Resource Graph

When you open the details for a given resource, you can go to the Resource Graph tab for a visual representation of that resource's relationships to sources, destinations, and attached resources. For example, if you select the graph for an EC2 instance, you could see:

  • The EC2 instance depicted in the center of a series of concentric rings

  • An inner ring, depicting each of the attached resources such as subnets, VPCs, security groups, and network interfaces

  • An outer ring, depicting the individual instances of the attached resources shown in the inner ring. For example, you might see an outer ring listing one or more individual network interfaces and their ID numbers.

  • A series of incoming flow lines from the left, depicting sources such as other EC2 instances, ENIs, IPs, and so forth, for which the EC2 instance in the center is the destination

  • A series of outgoing flow lines to the right, depicting destinations such as RDS DB clusters, ENIs, IPs and so forth, for which the EC2 instance in the center is the source

The following figure provides an example.

Figure: Inventory resource graph (inventory-resource-graph.png)

Details Resource Graph limitations

The following are limitations of the resource graph:

  • If there is no traffic going in or out of the resource, you do not see traffic flows

  • The resource graph does not show rules

  • If a resource does not have attached resources, it does not have a resource graph