AWS Step-by-Step

Using AWS Cloud Map To Keep Track of Your Cloud Resources, Part 1

The easiest way to determine what AWS resources exist in your environment at any given time is meant mostly for developers -- but doesn't require any developer skills to use.

• By Brien Posey
• 01/18/2023

One of the things that can make AWS cloud resource management difficult is the fact that the environment tends to be highly dynamic. New virtual machines and containers are likely being created all the time, while older ones are being deleted just as quickly. Similarly, workloads may be designed to scale automatically, causing even more virtual machine instances or containers to be created or deleted on an as-needed basis.

Thankfully, there is a tool that can help you to more easily determine which resources exist at a given moment.

This tool is called AWS Cloud Map. Cloud Map is primarily intended for developers who need a way to programmatically inventory cloud infrastructure components. This tool is also useful for admins because it gives them a quick and easy way to check what resources exist within the AWS cloud right now. Suppose, for example, that a particular workload had begun to perform sluggishly even though it was configured to scale automatically. An admin could use AWS Cloud Map to see if that workload is indeed scaling or if there is a problem.

Before I Begin
Before I show you how to set up AWS Cloud Map, I want to address what I am guessing might be a concern: Although AWS Cloud Map is intended mostly for developers, you won't need any development skills to use it. You can configure the service entirely through the AWS Web interface. Querying AWS Cloud Map to see what resources exist in your environment does require you to use the AWS Command Line Interface, but this process does not involve doing anything that's difficult.

For the purposes of this series, I will show you how to use PowerShell to perform a simple query. If your Windows PowerShell for AWS installation is not up-to-date, it's a good idea to update it before you get started. Some of the older versions of Windows PowerShell for AWS do not work with AWS Cloud Map.

AWS Cloud Map Namespaces
The first step in configuring AWS Cloud Map to keep track of your resources is to create one or more namespaces.

A namespace is really just a group. Every organization uses multiple applications, and if you were to simply lump all of those applications and their resources together, it would be really difficult to tell what's what. A namespace allows you to group together the services that belong to a particular application. For example, if an application leverages a collection of EC2 virtual machine instances, then you could include those instances in a common namespace.

The most important thing you need to know about creating a namespace is that because AWS Cloud Map's job is to help you to keep track of resources that are dynamically created and deleted, you can't just create a static list of virtual machine instances within a namespace. That would defeat the entire point of using AWS Cloud Map in the first place. Instead, the namespace that you create will need a way to query your AWS environment to check for the presence of resources that are associated with a given workload. There are three ways that you can accomplish this.

The first option is to use API calls using something like Python or REST. I'm not going to be addressing API calls in this series since API calls fall squarely in developer territory.

The second option is to use a mixture of API calls and DNS queries within a VPC. This approach allows Cloud Map to locate resources by using DNS queries.

The third option is to use API calls and public DNS queries. Again, you can use this option to track resources through the use of DNS queries.

I am going to use the API-calls-and-queries-in-VPCs option. In doing so, I am going to assume that all of the resources associated with a particular workload exist within a dedicated VPC. Additionally, I am going to assume that the VPC is solely dedicated to that one specific workload and that any other workloads that the organization may have deployed are running in other VPCs.

Now that I have described how a namespace works, it's time to set up AWS Cloud Map. I will walk you through this process in Part 2.