Clarity visualization zones
The clarity visualization shows elements divided into vertical columns (or 'swim lanes'). These dividers serve separate elements based on security groups exposure level to the internet.
The zones, from left to right:
- External Zone: present the Public IP interfaces and IP lists. This zone also shows peered nodes from other accounts.
- DMZ - Exposure to the entire Internet: element is attached to network interfaces that can be accessed from any source (no white-listing defined)
- Partially Open - Exposure to some public Internet addresses: element is attached to network interfaces that can be accessdd from some source locations (white-listing is defined).
- Effectively Internal - External security group assigned to internal instances: One or more services has exposure to some public source locations, but the element is not assigned with public interfaces. Instances and services assigned to this zone should be considered as potentially exposured by minor configuration changes.
- Internal Zone: Services are not exposed to the Internet.
Clarity visualization elements
The display is interactive. By clicking on individual element displayed by Clarity, context is provided in the right hand column. The displayed information is based on both the current view (Security Groups vs. Effective Policy) and the type of selected element.
It is possible to search security groups based on either their name or TCP/UDP port numbers. Clarity will highlight the security groups to which the selected traffic is permitted and will also show origin IP addresses and source security groups. It is also possible to perform a combined search that shows the conjunction of textual search and port search.
The Legend button show what each icon represents:
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.