Amazon VPC

Least Privileged User

Navigate to the AWS console and create an IAM user with programmatic access. The user needs only the permissions listed below. You can create a policy containing just these permissions and attach it to the user.

For more information, see: High Level AWS Source Configuration

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcClassicLinkDnsSupport",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcPeeringConnections",
        "ec2:DescribeVpcEndpointServices",
        "ec2:DescribeNatGateways",
        "ec2:DescribeVpcEndpoints",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcAttribute",
        "ec2:DescribeRouteTables",
        "ec2:DescribeVpcClassicLink",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Resource": "*"
    }
  ]
}
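As an added check that is not part of the original page: a small Python audit that confirms every action in the policy above is a read-only Describe/Get/List call with no wildcards, which is what a collector credential should be limited to. The policy is embedded as a Python dict so the check runs offline; the read-only verb list is an assumption of this example.

```python
import re

# The IAM policy shown on this page, embedded here so the audit runs offline.
COLLECTOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcs",
            "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcEndpointServices",
            "ec2:DescribeNatGateways", "ec2:DescribeVpcEndpoints",
            "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute",
            "ec2:DescribeRouteTables", "ec2:DescribeVpcClassicLink",
            "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics",
        ],
        "Resource": "*",
    }],
}

# Verb prefixes assumed to only read state; anything else (Create, Delete, Put, "*") counts as write.
READ_ONLY_VERBS = ("Describe", "Get", "List")
ACTION_RE = re.compile(r"^([a-z0-9-]+):([A-Za-z0-9]+)$")


def action_is_read_only(action):
    """True for 'service:Verb...' where Verb is read-only and no wildcard is present."""
    m = ACTION_RE.match(action)
    return bool(m) and m.group(2).startswith(READ_ONLY_VERBS)


def audit_policy(policy):
    """Return a list of findings; an empty list means every Allow is read-only."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{stmt.get('Sid')}: NotAction/NotResource grants open-ended access")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for action in actions:
            if not action_is_read_only(action):
                findings.append(f"{stmt.get('Sid')}: not read-only: {action}")
    return findings


if __name__ == "__main__":
    print(audit_policy(COLLECTOR_POLICY) or "policy is read-only")
```

`Resource: "*"` is expected here because these Describe/Get/List calls are not resource-scoped; the audit therefore checks the actions, not the resource.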

Connection Parameters

| Name | Required? | Description |
|---|---|---|
| Region | | |
| Access Key ID | Required | |
| Secret Access Key | Required | |
| Additional Threads | | The number of additional threads allowed to be utilized during collection. |
| Request Timeout (seconds) | | The number of seconds to allow for the API to return a response. |
| Collect CloudWatch Metrics | | |
| CloudWatch Historic Mode | | If enabled, retrieves a history of data points from CloudWatch. Otherwise, collects only the most recent data point for each metric. |

Metrics

NAT Gateway

| Name | Description |
|---|---|
| Active Connection Count (Connections) | The total number of concurrent active TCP connections through the NAT gateway. |
| Connection Attempt Count (Connections) | The number of connection attempts made through the NAT gateway. |
| Connection Established Count (Connections) | The number of connections established through the NAT gateway. |
| Creation Time | The date and time the NAT gateway was created. |
| Data In From Destination (Bytes) | The number of bytes received by the NAT gateway from the destination. |
| Data In From Source (Bytes) | The number of bytes received by the NAT gateway from clients in your VPC. |
| Data Out To Destination (Bytes) | The number of bytes sent out through the NAT gateway to the destination. |
| Data Out To Source (Bytes) | The number of bytes sent through the NAT gateway to the clients in your VPC. |
| Error Port Allocation (Errors) | The number of times the NAT gateway could not allocate a source port. |
| ID | The ID given to the NAT gateway. |
| Idle Timeout Count | The number of connections that transitioned from the active state to the idle state. An active connection transitions to idle if it was not closed gracefully and there was no activity for the last 350 seconds. |
| Packets Drop Count (Packets) | The number of packets dropped by the NAT gateway. |
| Packets In From Destination (Packets) | The number of packets received by the NAT gateway from the destination. |
| Packets In From Source (Packets) | The number of packets received by the NAT gateway from clients in your VPC. |
| Packets Out To Destination (Packets) | The number of packets sent out through the NAT gateway to the destination. |
| Packets Out To Source (Packets) | The number of packets sent through the NAT gateway to the clients in your VPC. |
| Region | The AWS Region this object belongs to. |
| State | The state of the NAT gateway. |
| Subnet ID | The ID of the subnet in which the NAT gateway is located. |
| Tags | The tags attached to this object. |
| VPC ID | The ID of the VPC in which the NAT gateway is located. |

Peering Connection

| Name | Description |
|---|---|
| Accepter VPC | The ID of the accepting VPC. |
| Accepter VPC Owner | The owner of the accepting VPC. |
| Allow DNS Resolution from Remote VPC | Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. |
| Allow Egress from Local Classic Link to Remote VPC | Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. |
| Allow Egress from Local VPC to Remote Classic Link | Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. |
| Expiration Time | The time at which an unaccepted VPC peering connection will expire. |
| ID | The ID of the VPC peering connection. |
| Peering Connection Status | The status of the VPC peering connection. |
| Region | The AWS Region this object belongs to. |
| Requester VPC | The ID of the requesting VPC. |
| Requester VPC Owner | The owner of the requesting VPC. |
| Tags | The tags attached to this object. |

Subnet

| Name | Description |
|---|---|
| Assign IPv6 Address on Creation | Indicates whether a network interface created in this subnet receives an IPv6 address. |
| Availability Zone | The Availability Zone of the subnet. |
| Available IP Count | The number of unused private IPv4 addresses in the subnet. |
| CIDR Block | The IPv4 CIDR block assigned to the subnet. |
| Default for Availability Zone | Indicates whether this is the default subnet for the Availability Zone. |
| ID | The ID of the subnet. |
| Map Public IP on Launch | Indicates whether instances launched in this subnet receive a public IPv4 address. |
| Region | The AWS Region this object belongs to. |
| State | The current state of the subnet. |
| Tags | The tags attached to this object. |
| VPC ID | The ID of the VPC the subnet is in. |

Tunnel

| Name | Description |
|---|---|
| Data In (Bytes) | The data received through the VPN tunnel. |
| Data Out (Bytes) | The data sent through the VPN tunnel. |
| IP Address | The IP address of the tunnel for the virtual private gateway. |
| Region | The AWS Region this object belongs to. |
| State | The state of the tunnel. 0 indicates DOWN and 1 indicates UP. |

VPC

| Name | Description |
|---|---|
| DHCP Options | The ID of the set of DHCP options associated with the VPC. |
| ID | The ID of the VPC. |
| Instance Tenancy | The allowed tenancy of instances launched into the VPC. |
| Is Default | Indicates whether the VPC is the default VPC. |
| Primary CIDR Block | The primary IPv4 CIDR block for the VPC. |
| Region | The AWS Region this object belongs to. |
| State | The current state of the VPC. |
| Tags | The tags attached to this object. |

VPN

| Name | Description |
|---|---|
| Dimension VPN ID | The identifier for the VPN connection. |
| Region | The AWS Region this object belongs to. |
| Tags | The tags attached to this object. |
| Tunnel Data In (Bytes) | The data received through the VPN's tunnels. |
| Tunnel Data Out (Bytes) | The data sent through the VPN's tunnels. |
| Tunnel State | The state of the VPN's tunnels. 0 indicates DOWN and 1 indicates UP. |