DDI Central enables you to visualize and monitor AWS VPCs and derive actionable insights as part of its Cloud Observability Integration.
With centralized access to key VPC metadata, subnet allocations, EC2 usage, RDS states, load balancers, and more, DDI Central acts as your one-window interface to govern IP identity in hybrid and cloud-native environments.
AWS VPC (Virtual Private Cloud) is Amazon's virtual network environment that allows you to launch AWS resources like EC2, RDS, or Lambda inside a logically isolated section of the AWS cloud.
It gives you control over:
Here's how to access and analyze AWS VPCs in DDI Central:
The rich visual dashboard provides a macro-level understanding of where your AWS VPC resources are deployed across AWS's geographical datacenters, enabling strategic resource placement and availability checks.
To drill into more details about the Subnet Utilization in a VPC, click the More details link at the far right. This takes you to a dedicated page within the VPC dashboard. This page in DDI Central gives you micro-level clarity inside your AWS VPCs. Whether you’re troubleshooting DHCP scope exhaustion, planning IPv6 rollout, or reviewing address hygiene, this view acts as your control tower.
Here you can see six tabs below a specific VPC. Navigate to the Subnet tab to gather more details on subnet behavior and resource usage inside a selected VPC.
There are three powerful sections under the Subnet tab:
This section instantly identifies IP usage hotspots across your VPC — enabling you to detect:
This insight helps you rebalance IP allocations before you run out of space or create inefficient subnet layouts.
Enables health monitoring of your subnet landscape. You can:
The table offers the most complete view of each subnet’s health, capacity, and location in the cloud. Whether you're troubleshooting connectivity issues, scaling infrastructure, or cleaning up unused IP blocks — every field here helps you make faster, more accurate decisions.
How each field empowers administrators
Field Name | What It Means | Why It Matters for Admins |
---|---|---|
NAME | The subnet's user-assigned name or tag (e.g., RDS-Pvt-subnet-2) | Helps admins quickly identify subnets associated with specific projects, applications, or environments. |
SUBNET ID | The unique AWS-assigned identifier for the subnet (e.g., subnet-06b868d4ce40ea3d3) | Required for automation, CLI commands, API calls, and scripting. It ensures there's no ambiguity between subnets. |
STATE | Operational state of the subnet: “available” or “pending” | Tells you whether the subnet is ready for use or still being provisioned. |
VPC | The ID of the VPC in which this subnet resides (e.g., vpc-e8759781) | Essential for mapping subnets to their parent networks. Multiple subnets can exist across different VPCs. |
IPV4 CIDR | The IPv4 address block assigned to the subnet (e.g., 172.31.48.0/25) | Shows the IP range available for use inside this subnet. Critical for IP planning and routing configurations. |
IPV6 CIDR | If enabled, shows the associated IPv6 CIDR block | Indicates whether the subnet supports IPv6, important for dual-stack or IPv6-native deployments. |
AVAILABILITY ZONE | The physical zone in which the subnet is deployed (e.g., ap-east-1a) | Allows admins to ensure HA and fault tolerance by distributing subnets across multiple zones. |
IPV6 ONLY | Displays Yes/No if the subnet supports only IPv6 (Yes = IPv4 disabled) | Useful for verifying whether the subnet is intentionally IPv6-only or legacy dual-stack. |
DNS64 | Indicates whether DNS64 translation is enabled (Yes/No) | DNS64 allows IPv6-only clients to resolve IPv4 destinations. Important for compatibility with IPv4-only apps. |
USAGE | Percentage of IPs currently allocated or consumed in the subnet | A real-time health indicator showing how “full” the subnet is. Useful for forecasting exhaustion. |
AVAILABLE IP | The actual number of IPs still available in the subnet (e.g., 114, 4.1K) | Gives precise capacity planning insight—lets admins know when to reclaim, expand, or reallocate address space. |
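
The USAGE and AVAILABLE IP fields can be cross-checked from the IPV4 CIDR alone. The following is an added example, not DDI Central code: it assumes usage is measured against the usable pool after AWS's five reserved addresses per subnet, and the sample rows and the 80% threshold are constructed.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED = 5

def parse_available(display):
    """Turn a dashboard count such as '114' or '4.1K' into an integer.
    Abbreviated values are rounded by the UI, so the result is approximate."""
    text = display.strip().upper()
    scale = {"K": 1_000, "M": 1_000_000}
    if text[-1:] in scale:
        return round(float(text[:-1]) * scale[text[-1]])
    return int(text)

def subnet_usage(cidr, available):
    """Return usable, used and usage percent for an IPv4 subnet."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # rejects CIDRs with host bits set
    usable = net.num_addresses - AWS_RESERVED
    available = min(available, usable)  # a rounded 'K' value can overshoot the pool
    used = usable - available
    return {"usable": usable, "used": used,
            "usage_pct": round(100 * used / usable, 1)}

def near_exhaustion(rows, threshold_pct=80.0):
    """Return rows at or above threshold_pct usage, fullest first."""
    flagged = []
    for name, cidr, available_display in rows:
        stats = subnet_usage(cidr, parse_available(available_display))
        if stats["usage_pct"] >= threshold_pct:
            flagged.append({"name": name, "cidr": cidr, **stats})
    return sorted(flagged, key=lambda r: r["usage_pct"], reverse=True)

# Constructed sample rows: (NAME, IPV4 CIDR, AVAILABLE IP as displayed).
# The first row reuses the example values from the table; the pairing is illustrative.
SAMPLE_ROWS = [
    ("RDS-Pvt-subnet-2", "172.31.48.0/25", "114"),
    ("app-subnet-a", "10.0.32.0/19", "4.1K"),
    ("web-subnet-c", "10.0.64.0/26", "6"),
]

if __name__ == "__main__":
    for row in near_exhaustion(SAMPLE_ROWS):
        print(row)
```
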
Taken as a whole, this data enables administrators to:
Now navigate to the Instance tab. This view displays all EC2 virtual machines (instances) tied to that VPC — giving admins direct visibility into compute resources and their current operational and networking state. DDI Central will now display a detailed list of EC2 instances deployed within this VPC.
Each instance is listed with the following key fields:
Field Name | What It Tells You | Why It Matters for Admins |
---|---|---|
NAME | The user-friendly label assigned to the instance. | Helps identify the business context of the VM (e.g., "wms-turn2" may relate to a workload or app function). |
ID | The AWS-assigned Instance ID (e.g., i-02891c54b12c0f111). | Required for automation, IAM policies, tagging, or linking to other AWS services. |
STATE | Whether the instance is running, stopped, or in another transitional state. | Allows admins to verify if services are available, or if a resource has been decommissioned. |
TYPE | The performance class of the instance (e.g., c5.12xlarge, m5.2xlarge). | Critical for analyzing compute cost, capacity, and workload suitability. |
AVAILABILITY ZONE | Indicates the specific zone within the region where the instance is deployed (e.g., ap-south-1c). | Ensures high availability through geographic distribution and can guide subnet placement. |
PUBLIC DNS / PUBLIC IPv4 | The public-facing address (and hostname) of the instance. | Useful for SSH access, remote troubleshooting, and DNS-based tracing. |
PLATFORM | The operating system running on the instance (e.g., Linux/Unix). | Confirms compatibility with workloads, agents, or OS-specific policies. |
Taken as a whole, this data enables administrators to:
Go to the Network Interface tab beside Instances. DDI Central displays every Elastic Network Interface deployed within the selected VPC.
From the same Network Interface tab, scroll further to the right to quickly view the per-interface address mapping. DDI Central displays deeper address-layer data, helping admins trace every IP allocation tied to an ENI.
Field Name | What It Means | Why It Matters |
---|---|---|
NAME | The user-friendly name of the ENI | Useful for labeling or identifying purpose-specific ENIs |
ID | AWS-assigned unique identifier (e.g., eni-0fb5f57cf9dfe51a3) | Required for CLI operations, automation, and scripting |
SUBNET ID | Indicates which subnet this ENI belongs to | Useful for subnet-bound security tracing |
VPC ID | Parent VPC of the ENI | Helps visualize ENI placement in network topology |
INSTANCE ID | The EC2 instance the ENI is attached to | Correlates virtual machines to network interfaces |
AVAILABILITY ZONE | Region subdivision hosting the subnet (e.g., ap-east-1b) | Helps plan zone-level HA or zonal failover designs |
SECURITY GROUP NAME | Human-readable name of security policy | Indicates which rule set is applied to the ENI traffic |
SECURITY GROUP ID | AWS identifier for the security group (e.g., sg-c57f7dad) | Enables fine-grained policy enforcement and audit trails |
PUBLIC DNS | Resolves public-facing DNS endpoint if assigned | Enables DNS-based tracing and resolution |
MAC ADDRESS | Hardware address of the ENI | Identifies interface at Layer 2 or for DHCP-based configs |
PRIVATE IPV4 | Internal IP used within the VPC | Core to routing, security policies, and app connectivity |
PRIVATE DNS | DNS record mapped to internal IP | Enables internal name resolution within the VPC |
PUBLIC IPV4 | The public-facing IP assigned | Required for internet access or SSH/RDP visibility |
IPV6 IPS | Any IPv6 addresses assigned | Indicates readiness for IPv6 workloads |
STATUS | Current state (e.g., in-use) | Helps detect stale or active network interfaces |
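
The ENI fields above are enough to drive a simple exposure and hygiene review. The following is an added example, not DDI Central code: it assumes the rows are available as dictionaries keyed by the column names, that an unattached ENI reports the AWS status `available`, and that `approved_public_subnets` is a hypothetical allow-list you maintain; all sample values are constructed.

```python
from collections import defaultdict

def audit_enis(rows, approved_public_subnets):
    """Return (ENI ID, reasons) for interfaces that need review."""
    findings = []
    for row in rows:
        reasons = []
        status = row.get("STATUS", "").strip().lower()
        if status == "available" and not row.get("INSTANCE ID"):
            reasons.append("stale: not attached to any instance")
        if row.get("PUBLIC IPV4") and row.get("SUBNET ID") not in approved_public_subnets:
            reasons.append("public IPv4 in a subnet not approved for internet exposure")
        if reasons:
            findings.append((row["ID"], reasons))
    return findings

def security_groups_to_review(rows):
    """Map each security group ID to the publicly addressed ENIs it governs."""
    exposed = defaultdict(list)
    for row in rows:
        if row.get("PUBLIC IPV4"):
            exposed[row["SECURITY GROUP ID"]].append(row["ID"])
    return dict(exposed)

# Constructed sample inventory; IDs and addresses are placeholders (documentation IP ranges).
SAMPLE_ENIS = [
    {"ID": "eni-0a1", "SUBNET ID": "subnet-pub-1", "INSTANCE ID": "i-web1",
     "SECURITY GROUP ID": "sg-web", "PUBLIC IPV4": "203.0.113.10", "STATUS": "in-use"},
    {"ID": "eni-0b2", "SUBNET ID": "subnet-priv-1", "INSTANCE ID": "i-db1",
     "SECURITY GROUP ID": "sg-db", "PUBLIC IPV4": "198.51.100.7", "STATUS": "in-use"},
    {"ID": "eni-0c3", "SUBNET ID": "subnet-priv-1", "INSTANCE ID": "",
     "SECURITY GROUP ID": "sg-old", "PUBLIC IPV4": "", "STATUS": "available"},
    {"ID": "eni-0d4", "SUBNET ID": "subnet-priv-2", "INSTANCE ID": "i-app1",
     "SECURITY GROUP ID": "sg-app", "PUBLIC IPV4": "", "STATUS": "in-use"},
]

if __name__ == "__main__":
    for eni_id, reasons in audit_enis(SAMPLE_ENIS, {"subnet-pub-1"}):
        print(eni_id, "->", "; ".join(reasons))
    print(security_groups_to_review(SAMPLE_ENIS))
```
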
Now switch to the Load Balancers tab within the selected VPC view. DDI Central displays an insightful table that provides a unified view of all Elastic Load Balancers (ELBs) associated with the selected AWS VPC. It helps administrators assess traffic flow distribution, high availability, and fault tolerance.
The table presents the following insights:
Field | What It Represents | Why It Matters |
---|---|---|
Name | User-assigned identifier for the Load Balancer (e.g., load5-test) | Helps distinguish between different ELBs across staging, production, or test environments. |
DNS Name | Endpoint used by clients to reach the ELB (e.g., *.elb.amazonaws.com) | Critical for traffic routing and ensuring DNS resolves correctly for your apps. |
State | Indicates if the ELB is active or inactive | Shows readiness for use or if troubleshooting is required for deactivated ELBs. |
VPC ID | The virtual network the ELB belongs to (e.g., vpc-e8759781) | Ensures the ELB is correctly placed within the expected network boundary. |
Availability Zone | Number of AZs spanned (e.g., 2 Zone(s), 3 Zone(s)) | Indicates fault tolerance and resiliency — more zones mean better redundancy. |
Type | The ELB category: network, application, or gateway | Helps match the load balancer to the correct OSI layer and traffic handling behavior. |
The RDS inventory of a VPC presents the following insights:
NAME | STATUS | ENGINE | AVAILABILITY ZONE | VPC ID |
---|---|---|---|---|
database-1 | available | sqlserver-se | ap-east-1a | vpc-e8759781 |
database-2 | available | oracle-se2 | ap-east-1c | vpc-e8759781 |
database-2-instance-1-bhuvana | available | aurora-postgresql | ap-east-1c | vpc-e8759781 |
database-4 | available | postgres | ap-east-1c | vpc-e8759781 |
database-7-instance-1 | available | aurora-postgresql | ap-east-1c | vpc-e8759781 |
database-6 | available | mysql | ap-east-1c | vpc-e8759781 |
database-3 | available | mariadb | ap-east-1c | vpc-e8759781 |
With AWS integration, network administrators can extract deep value from AWS subnet visualizations within DDI Central. Rather than focusing on just the VPC layer, this guide emphasizes subnet-level observability—your most granular and dynamic layer for IP planning, access routing, and service segmentation.
In AWS:
In the context of VPCs (Virtual Private Clouds) in AWS, a subnet is a segment of the IP address range of a VPC where you can place your resources, such as EC2 instances, RDS databases, and Lambda functions.
Here’s a breakdown:
What Is a Subnet:
Relationship to VPC:
Types of Subnets:
What are Tags? Why do subnets often have more visible or required tags?
AWS allows tagging of almost all resources, including VPCs and subnets. Tags are key-value pairs (e.g., Environment: Production) used for:
VPCs can be tagged, but often serve as a broader container. On the other hand, subnets are closer to where resources live and route traffic—so tagging them helps AWS services, administrators, and automation tools make better decisions.
Subnets within a VPC must be associated with specific Availability Zones (AZs), and they can span different AZs. A VPC’s CIDR block (e.g., 10.0.0.0/16) is a large IP address range that you can subdivide into multiple subnets. Each subnet is mapped to exactly one Availability Zone.
You can (and should) create and spread multiple subnets in different AZs as it is essential for:
Here’s how to access and analyze AWS VPCs in DDI Central:
The screen above provides an aggregated regional view of all subnets across multiple VPCs, empowering teams to understand how IP space is fragmented and utilized. In essence, this dashboard transforms raw subnet metadata into actionable intelligence—supporting cost control, risk mitigation, and uptime for network-driven workloads.
While the subnet is a slice of the VPC, this section helps confirm which VPCs the subnet lives under and their CIDR plans. This VPC tab contextualizes the subnet within the broader cloud network architecture—giving the admin the visibility to enforce policy, plan growth, and troubleshoot intelligently.
Gives a list of virtual machines actively or historically using the subnet. It provides subnet-level visibility into the EC2 instances. Even in a read-only view, each field is rich with operational value for a network administrator overseeing workload distribution, access, and security posture. This view lets a network admin zoom in on how compute resources behave, communicate, and are distributed within a single subnet slice—essential for maintaining a secure, efficient, and well-architected cloud network.
This section displays all ENIs of a subnet.
Provides visibility into DNS-driven traffic handling for workloads hosted in or routed through the subnet's VPC.
This view, even at a glance, is a tactical hub for understanding how load-balanced traffic flows through a network slice (subnet) in a complex AWS environment. Highlights DNS path redundancy and fault-tolerant delivery per subnet-aware applications.
Displays databases deployed in or routed through the subnet.
In short, this tab gives subnet-level clarity into how data workloads are distributed, isolated, and operating—essential for maintaining secure, high-performing infrastructure in cloud-native environments.
Focusing on the subnet—not just the VPC—provides: