AWS Compute
The AWS Compute Analyzer provides insights into your compute infrastructure, including EC2, ECS, Lambda, and Elastic IPs. It helps engineers monitor resource states, identify security misconfigurations, and optimize resource usage.
Required Blueprints: AWS
Sightlines
| Sightline | Description |
|---|---|
| EC2 Instance State | Provides a comprehensive view of EC2 instance states across the environment, helping identify stopped or terminated i... |
| EC2 Instance Type | Tracks the types of EC2 instances in use, including reserved, spot, and scheduled instances for cost optimization and... |
| EC2 Network Connectivity | Surfaces network connectivity details including security group configurations and public versus private instance dist... |
| EC2 Instance Access | Provides visibility into EC2 instance access configurations such as IAM roles and key pairs, identifying instances wi... |
| EC2 Instance AMIs | Monitors attached and unattached AMIs to optimize storage and improve resource utilization. |
| ECS Cluster | Provides detailed ECS cluster metrics including services, tasks, and regional distributions for workload management a... |
| Lambda Functions | Highlights Lambda function usage and runtime, helping identify errors and optimize performance. |
| Elastic IP | Monitors Elastic IP usage, distinguishing between attached and detached IPs for cost management. |
Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
aws.ec2.Instance, aws.ec2.InstanceImage, aws.ec2.SecurityGroup, aws.ecs.Cluster, aws.ecs.Service, aws.ecs.Task, aws.lambda.Function, aws.ec2.Address, aws.ec2.KeyPairInfo, aws.ec2.ReservedInstances
Related Analyzers
- AWS IAM — EC2 instance profiles and IAM roles control compute access
- AWS Network — Instances are placed in VPCs/subnets with security groups
- AWS Storage — EC2 instances access S3 buckets via IAM roles
- Software Composition Analysis — Container images deployed to ECS/EC2
- Kubernetes — Container orchestration on ECS and EKS
Insight Feed Alerts
Public EC2 Instances Exposing Non-public S3 Buckets Count
Identifies public EC2 instances exposing non-public S3 buckets, a critical security risk that could lead to data breaches.