
Illumio Segmentation for the Cloud User Guide

Inventory Details

When you click a resource in the Inventory page, the details for that inventory item open. The details include a summary comprising the properties of the inventory item: the general properties, which also appear in the inventory table's default columns, and additional properties that are not part of the general properties, such as IP addresses, Kubernetes (K8s) versions in the case of an ECS, auto scaling definitions in the case of autoscaling groups, and so forth. The Illumio labels applied to the resource and the cloud tags on the resource are also shown in the summary. Together, these give you a clear picture of your inventory.

Depending on the type of resource, a resource may have additional details tabs. These include:

  • Attached resources: all resource types related to the resource currently being viewed

  • Traffic: shown if the resource has traffic activity

For information about the Inventory page itself, see Inventory.

This page describes some types of details that may benefit from further description.

VPC/VNet Peering Details

VPC and VNet peering connection details are provided on the Details pages of VPC and VNet resources in the inventory list.

VPC/VNet Peering Guidelines
  • You can click on any of the peered VPCs or VNets to see further details.

  • You can see in the attributes whether a VPC is shared.

  • The requester and acceptor are defined by the peering connection, so the current VPC or VNet can be either the requester or the acceptor.

  • VPCs and VNets can be peered across accounts. For example, you could have two VPC connections, with one VPC in each of the two accounts, but only one peering relationship. To see the full details, you must have both accounts onboarded. For a cross-account VPC/VNet connection where only one account is onboarded, you will still see the peering connection, but the details of the non-onboarded peer (attached resource) will display only its CSP ID rather than a link to an inventory resource.


  • Both ends of a cross-account peering connection between AWS VPCs share the same CSP ID, whereas a cross-account peering connection between Azure VNets has a different CSP ID for each VNet, because Azure CSP IDs include account information within the CSP ID.

Security Control Resource Details

Inbound and outbound rules are shown for security control resources, including:

  • AWS Security Groups

  • Azure Network Security Groups

  • AWS Network ACLs

On the Details page of any security control resource, you will see two additional tabs: Inbound Rules and Outbound Rules.

  • Inbound rules: These control the incoming traffic that is allowed to reach the instances associated with the security group.

  • Outbound rules: These control the outgoing traffic from your instances.

Each rule contains information such as source/destination, port/port range, and protocol.
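The fields listed above (direction, source or destination, port range, protocol) are enough to run a simple exposure check over the rules a security control resource shows. The following is an added example, not Illumio code or output: it models rules in the allow-only shape of an AWS security group (Azure NSG priority and explicit-deny semantics are not modelled), and the rule records, the `Rule` class and the `SENSITIVE_PORTS` set are constructed for the example.

```python
"""Flag inbound rules that expose sensitive ports to the whole internet.
Added example; the rules below are constructed, not Illumio data."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    direction: str   # "inbound" or "outbound"
    cidr: str        # source (inbound) or destination (outbound) CIDR
    from_port: int   # -1 means "all ports"
    to_port: int
    protocol: str    # "tcp", "udp", "icmp" or "-1" (all protocols)


# Ports that should rarely be reachable from 0.0.0.0/0 (assumed list for the example).
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433, 6379, 27017}


def is_world_open(cidr):
    """True for a /0 prefix in either IPv4 (0.0.0.0/0) or IPv6 (::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_range(rule):
    """Ports the rule covers; 'all protocols' or from_port -1 means every port."""
    if rule.protocol == "-1" or rule.from_port == -1:
        return range(0, 65536)
    return range(rule.from_port, rule.to_port + 1)


def audit(rules):
    """Return (rule, reason) pairs for inbound rules open to the internet."""
    findings = []
    for r in rules:
        if r.direction != "inbound" or not is_world_open(r.cidr):
            continue
        if r.protocol == "-1":
            findings.append((r, "all protocols and ports open to the internet"))
            continue
        exposed = sorted(p for p in SENSITIVE_PORTS if p in port_range(r))
        if exposed:
            findings.append((r, f"sensitive ports exposed to the internet: {exposed}"))
    return findings


# Constructed sample rules for one security group.
SAMPLE_RULES = [
    Rule("inbound", "10.0.0.0/16", 443, 443, "tcp"),   # internal only: fine
    Rule("inbound", "0.0.0.0/0", 22, 22, "tcp"),       # SSH from anywhere
    Rule("inbound", "0.0.0.0/0", 80, 80, "tcp"),       # HTTP: not in the sensitive set
    Rule("inbound", "0.0.0.0/0", -1, -1, "-1"),        # everything from anywhere
    Rule("outbound", "0.0.0.0/0", -1, -1, "-1"),       # egress is not checked here
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.cidr} {rule.protocol} {rule.from_port}-{rule.to_port}: {reason}")
```

Running the block prints the two findings (the SSH rule and the all-traffic rule); the HTTP rule passes because port 80 is not in the sensitive set, and outbound rules are skipped.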

Note

Although AWS security group rules and Azure network security group rules are visible on the Details page for AWS security groups and Azure network security groups, Azure network security group rules created before July 2021 will not appear on the Details page, because Illumio Segmentation for the Cloud does not ingest rules created without resource IDs. If any of your rules do not appear for this reason, recreating the rule will allow it to display.

Route Table Resource Details

The Details page for AWS route tables includes a Routes tab with the following information:

  • Destination: This is the IP address or CIDR block that a route specifies

  • Origin: This describes how the route was created, whether automatically, manually, or by route propagation

  • State: This is the state of the route

  • Target ID: This is the ID of the gateway, network interface, or connection that will receive the destination traffic

The Details page for Azure route tables includes a Routes tab with the following information:

  • Address Prefix: This represents a range of IP addresses (in CIDR notation) to which this route applies

  • Next Hop IP Address: This is the specific IP address of the device (like a virtual network gateway or a network virtual appliance) that will receive the traffic for further routing

  • Next Hop Type: This specifies where traffic should be directed based on a route

  • Route Name: This is a user-defined label for easy identification of the route within the table
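The Routes tab fields above are what you would read to decide whether a subnet is effectively public (a default route to an internet gateway) or whether a route is dead. The block below is an added example, not Illumio code: it classifies AWS routes by Destination, Origin, State and Target ID, and Azure routes by Address Prefix, Next Hop Type and Next Hop IP Address. The route records are constructed, and the Target ID prefixes (`igw-`, `nat-`, `pcx-`) and Azure next-hop type names follow the cloud providers' own conventions.

```python
"""Classify route-table entries from the fields shown on the Routes tab.
Added example; the routes below are constructed, not Illumio data."""
import ipaddress


def _is_default(prefix):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def aws_route_flags(route):
    """Flags for one AWS route dict keyed by the Routes tab column names."""
    flags = set()
    if route.get("State", "").lower() != "active":
        flags.add("inactive")            # e.g. blackhole after the target was deleted
    target = route.get("Target ID", "")
    if target.startswith("igw-"):
        flags.add("internet-gateway")
        if _is_default(route["Destination"]):
            flags.add("public-default-route")
    elif target.startswith("nat-"):
        flags.add("nat-gateway")
    elif target.startswith("pcx-"):
        flags.add("vpc-peering")
    if route.get("Origin") == "EnableVgwRoutePropagation":
        flags.add("propagated")          # learned from a VGW, not written by hand
    return flags


def azure_route_flags(route):
    """Flags for one Azure route dict keyed by the Routes tab column names."""
    flags = set()
    default = _is_default(route["Address Prefix"])
    hop = route.get("Next Hop Type", "")
    if hop == "Internet" and default:
        flags.add("public-default-route")
    elif hop == "VirtualAppliance":
        flags.add("forced-tunnel" if default else "via-nva")
        if not route.get("Next Hop IP Address"):
            flags.add("missing-next-hop-ip")  # an NVA route needs an IP to forward to
    elif hop == "None":
        flags.add("blackhole")
    return flags


def public_default_routes(aws_routes, azure_routes):
    """(cloud, identifier) for every route that sends 0.0.0.0/0 straight to the internet."""
    found = [("aws", r["Destination"]) for r in aws_routes
             if "public-default-route" in aws_route_flags(r)]
    found += [("azure", r["Route Name"]) for r in azure_routes
              if "public-default-route" in azure_route_flags(r)]
    return found


# Constructed sample routes (IDs are placeholders, not real resources).
AWS_ROUTES = [
    {"Destination": "10.0.0.0/16", "Origin": "CreateRouteTable", "State": "active", "Target ID": "local"},
    {"Destination": "0.0.0.0/0", "Origin": "CreateRoute", "State": "active", "Target ID": "igw-EXAMPLE"},
    {"Destination": "192.168.0.0/16", "Origin": "CreateRoute", "State": "blackhole", "Target ID": "pcx-EXAMPLE"},
]
AZURE_ROUTES = [
    {"Route Name": "to-internet", "Address Prefix": "0.0.0.0/0", "Next Hop Type": "Internet", "Next Hop IP Address": ""},
    {"Route Name": "to-firewall", "Address Prefix": "10.2.0.0/16", "Next Hop Type": "VirtualAppliance", "Next Hop IP Address": "10.1.0.4"},
]

if __name__ == "__main__":
    for r in AWS_ROUTES:
        print("aws", r["Destination"], sorted(aws_route_flags(r)))
    for r in AZURE_ROUTES:
        print("azure", r["Route Name"], sorted(azure_route_flags(r)))
    print(public_default_routes(AWS_ROUTES, AZURE_ROUTES))
```

The local route and the NVA route produce no warning flags; the blackhole peering route is reported as inactive, and the two internet-bound default routes are the ones `public_default_routes` returns.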