Cloud Access Visualizer

Overview

Cloud Access Visualizer is a web-based application designed to visualize and analyze user access across multiple cloud platforms, including AWS, GCP, Azure, and Okta. By leveraging Neo4j for graph-based insights, this application provides a comprehensive view of user permissions and resource access.

Features

• Multi-Cloud Support: Integrates with AWS, GCP, Azure, and Okta to gather user access data.
• Graph Visualization: Utilizes Neo4j to represent user access and relationships in a graph format.
• Interactive Dashboard: Provides a user-friendly interface to explore access data and generate insights.

Project Structure

cloud-access-visualizer
├── backend
│   ├── src
│   │   ├── app.ts
│   │   ├── controllers
│   │   │   └── index.ts
│   │   ├── routes
│   │   │   └── index.ts
│   │   ├── services
│   │   │   ├── awsService.ts
│   │   │   ├── gcpService.ts
│   │   │   ├── azureService.ts
│   │   │   ├── oktaService.ts
│   │   │   └── neo4jService.ts
│   │   └── types
│   │       └── index.ts
│   ├── package.json
│   └── tsconfig.json
├── frontend
│   ├── src
│   │   ├── App.tsx
│   │   ├── components
│   │   │   ├── GraphView.tsx
│   │   │   └── AccessTable.tsx
│   │   ├── pages
│   │   │   └── Dashboard.tsx
│   │   └── types
│   │       └── index.ts
│   ├── package.json
│   └── tsconfig.json
└── README.md

Installation

1. Clone the repository:

   git clone https://github.com/yourusername/cloud-access-visualizer.git
   

2. Navigate to the backend directory and install dependencies:

   cd cloud-access-visualizer/backend
   npm install
   

3. Navigate to the frontend directory and install dependencies:

   cd ../frontend
   npm install
   

Usage

Setup & Running the Application

1. Environment Setup:
   • Navigate to the backend directory.
   • Copy .env.example to .env.
   • Fill in the necessary credentials and connection details for AWS, GCP, Azure, Okta, PostgreSQL, and Neo4j.
2. Install Dependencies:
   • In the backend directory: npm install
   • In the frontend directory: npm install
3. Database Migrations (Backend):
   • Ensure PostgreSQL is running and accessible.
   • Run database migrations. (Note: Specific command depends on the migration tool chosen, e.g., npm run migrate up. This needs to be defined in backend/package.json.)
4. Start Servers:
   • Backend: In the backend directory, run npm start (or npm run dev for development).
   • Frontend: In the frontend directory, run npm start.
5. Access the Application: Open your browser and navigate to http://localhost:3000 (or the port specified by the frontend).

Exploring the Dashboard

The main dashboard provides several ways to explore and analyze user access data:

1. Statistics Overview:

   • At the top of the dashboard, you'll find summary statistics showing counts of users, groups, roles, policies, and resources from PostgreSQL, as well as node and relationship counts from Neo4j. This gives a quick overview of the data landscape.

2. User Access Graph Explorer:

   • This section allows you to visualize a specific user's access to resources.
   • User Search:
     • Use the "Search for a User" input bar to find users. You can enter a partial name, email, or platform-specific user ID.
     • Click "Search". A list of matching users will appear below.
     • Click on a user from the results list to select them for graph visualization.
   • Direct User ID Input:
     • Alternatively, if you know the user's global Neo4j ID (e.g., user_AWS_AROAUEXAMPLEID:username), you can enter it directly into the "Or Enter User Global ID Directly" input field and click "Visualize by ID".
   • Filtering the Graph View:
     • Platform Filter: Use the "Filter by Platform" dropdown to select a specific cloud platform (AWS, GCP, Azure, Okta) or "All Platforms". The graph will update to show resources only from the selected platform(s) that the user can access.
     • Resource Type Filter: Use the "Filter by Resource Type" input field to type a specific resource type (e.g., AWS::S3::Bucket, Okta::App, GCP::Compute::Instance). The graph will update to show only resources of that type accessible by the user, respecting the platform filter as well.
   • Graph View:
     • Once a user is selected and filters are (optionally) applied, an interactive graph is displayed.
     • The central node represents the selected user.
     • Other nodes represent resources accessible by that user, matching the filter criteria.
     • Nodes are color-coded by platform.
     • Clicking on any node in the graph will display its detailed information in a panel below the graph.
     • You can pan and zoom the graph for better exploration.

3. Detailed Access Table:

   • Below the graph explorer, the "Detailed Access Table" displays the same set of accessible resources (for the selected user and active filters) in a tabular format.
   • The table shows columns like Resource Name, Type, Platform, and the Global ID (Neo4j) of the resource.
   • This provides an alternative, list-based view of the data shown in the graph.

Data Ingestion (Admin/Setup Task)

• The backend provides API endpoints to trigger data ingestion from configured cloud platforms (AWS, GCP, Azure, Okta) and for manual JSON uploads. These are typically used during setup or for periodic data refreshes.
• Refer to the Backend API Guide for details on how to use these ingestion endpoints (e.g., via tools like Postman or cURL).

Contributing

Contributions are welcome! Please open an issue or submit a pull request for any enhancements or bug fixes.

License

This project is licensed under the MIT License. See the LICENSE file for details.