Product6 min read

Cloud asset discovery and insights with Fix

Elevate cloud management with Fix for better security, compliance, and cost efficiency.

Looking for resources spread out over multiple accounts and regions can feel like searching for a needle in a haystack. Infrastructure components also shift and change with the needs of the business.

So, how do we gain an exhaustive understanding of the infrastructure we maintain with an environment that never sleeps and resources that are constantly in flux? This understanding is the foundation upon which we build security, compliance, and cost management strategies.

Cloud provider consoles demand a painstakingly meticulous approach to retrieving specific information, while command-line interfaces offer power at the cost of accessibility, requiring precise commands and deep familiarity with CLI syntaxes.

Fix provides a simple, intuitive, and powerful way to discover and understand the assets in your cloud environment. Fix is a cloud asset inventory service that serves as the base for various use cases, including security, compliance, and cost management.

Connecting your cloud accounts in Fix without installing any agent is easy. Fix collects data on all of the resources in your cloud environment, including metadata, configuration, and relationships between resources. A snapshot of this data is taken each hour, so you always have a near-real-time view of your infrastructure.

As a Fix user, you can see your resources across all services, regions, accounts, and cloud providers in one place.

Finding resources in Fix

Full-text search

Fix maintains a full-text search index of all your resources. Simply enter a search term to quickly find resources by name, tags, or any other metadata—no specific knowledge of cloud provider APIs or CLIs required.

In the below example, all resources that include the string “foo” anywhere in their metadata are returned in the search. You could also search for a tag or IPv4 address in the same way to quickly locate resources.

Full-text search in Fix for "foo"

Search filters

Another approach to finding resources is using filters. Fix knows the structure of the resources in your cloud environment and provides a straightforward way to filter resources by kind or based on their properties.

In the following example, I filtered for resources in the “Development” account deployed to regions us-east-1 or eu-central-1 with failing security checks of severity low or higher. You can further narrow down the list to only specific kinds of resources (e.g., EC2 instances, RDS databases, or S3 buckets) or even filter on tags or other deeply nested resource properties.

Search in Fix using filters

In fact, full-text searches are also filters. You can combine a full-text search with other filters. When you define filters in Fix, an “advanced search query” is automatically generated for you. Expert users can directly use Fix’s search syntax, to perform more complex queries.

You can also define sort criteria to order search results and specify which columns to display. Last but not least, you can download the list of resources as a CSV file, allowing you to process the data using your favorite spreadsheet application.

Viewing resources in Fix

Clicking on a search result displays information about the resource.

Basic information

Some attributes are common across all resources, like kind and name, age, account, region, and tags. This essential information is always available at a glance.

A resource's basic information in Fix

Neighborhood

A resource is seldom self-contained and isolated. Rather, resources are part of a larger context and interact with other resources.

Visualizing this context is crucial to understanding, so Fix renders a resource’s “neighborhood” in a graph view. This graph view includes resources directly related to the target resource, plus its “neighbors.”

Below, we have an EC2 Instance TaskWorker-132. It has a network interface attached, an EBS Volume bound, and an SSH keypair deployed. It is controlled by the AWS Systems Manager. You can quickly see information about the VPC, the instance type, and related quotas.

"Neighborhood"/graph view in Fix highlighting an EC2 instance

Click on any resource in the neighborhood to view its details. For example, suppose you are interested in how the EC2 instance from the above image is connected to the Internet. You can click on the EC2 instance’s network interface to see its subnets, security groups, and the VPC in which it is deployed.

"Neighborhood"/graph view in Fix highlighting the network interface of an EC2 instance

Details

The details page shows all the collected information about the resource. This resource data is specific to the resource kind and is usually a lot of data.

Fix renders the data in YAML, a human-readable format that represents the data in a structured way. The resource data adheres to the format defined in Fix’s resource models.

Resource details in Fix

Security issues

Fix collects resource data and runs security benchmarks on that data. A benchmark consists of a set of checks, each of which defines a security best practice.

Security checks in Fix

Failing checks are listed on the details page. The severity of a check is an indicator of how important it is to fix the issue. When you click on a failing check, a description of the risk and remediation steps are displayed.

Security issue details in Fix

Changes

Fix takes a snapshot of your cloud resources every hour. Whenever changes to a resource are detected, an event is produced, and the Fix database is updated.

The Fix database maintains a record of the resource’s previous state, so you can see the difference between the old and the new versions. Not only might a resource’s configuration change, but its security posture may as well. Fix keeps track of security check results so you can see how a resource’s security posture changes over time.

Resource history/timeline in Fix

Every change event has a kind, timestamp, and dedicated visualization. Clicking on an event reveals more detailed information.

Configuration changes

When changes to a resource are detected, Fix provides a diff view that shows exactly how the configuration changed.

The previous configuration are displayed in red, while changes introduced by the new version are printed in green.

Resource configuration change in Fix

A resource’s configuration may change multiple times over its lifetime. The resource history shows all the changes at a glance, while still giving you all the details you need. Consider, for example, a postmortem analysis or security breach: you need to understand not only the current configuration of a resource but also the configuration at a specific moment in time.

Vulnerability changes

Configuration changes might also alter a resource’s security posture; an existing vulnerability could be fixed, or a new vulnerability introduced. The “Security” section contains details about the posture change. (The current security posture is always visible in the “Security” section, while the diff view shows how configuration changes affect it.)

Resource vulnerability change in Fix

Conclusion

Finding and understanding the resources in your cloud environment is the foundation upon which you build your security, compliance, and cost management strategies. Fix provides a simple, intuitive, and powerful way to discover and understand the assets in your cloud environment.

From simple text searches to complex filters, Fix makes it possible to find any resource in your cloud environment. Engineers can quickly find resources without the need to learn the specifics of a cloud provider’s API or CLI. Resource information is exhaustive and includes all metadata, configuration, and relationships with other resources.