Frequently Asked Questions (FAQ)
Q: Does Batfish Enterprise make any changes to my AWS infrastructure?
A: No. Batfish Enterprise is just querying the AWS APIs for information about your infrastructure and so the role we create has read-only credentials.
Q: We heavily use IAM roles and policies to provide users and applications the correct access to our AWS infrastructure. What IAM role and policies are leveraged by Batfish Enterprise to pull my AWS configuration information?
A: The CloudFormation template creates the IAM role and policy required. These are read-only. The specifics are documented in the Getting Started Guide.
Q: Does the Batfish Enterprise application export any of my information to Intentionet?
A: No. None of your data leaves your AWS account. Batfish Enterprise does not have call-home functionality.
Q: My organization leverages multiple accounts and so our network infrastructure is spread out across these accounts. Will Batfish Enterprise work in this environment?
A: Yes, Batfish Enterprise supports analysis across multiple accounts.
Q: I thought that Batfish Enterprise provided pre-deployment validation for my infrastructure. If you are just reading my AWS state, how is that possible?
A: The first release of Batfish Enterprise is focused on providing visibility into the state of your cloud infrastructure. Batfish Enterprise will support pre-deployment validation for AWS (and other public clouds) in the near future, by integrating with Terraform from Hashicorp. Stay tuned for more details on this.
Q: Like most enterprises in AWS, I have multiple private data-centers plus campus and WAN infrastructure? Can Batfish Enterprise analyze my entire network infrastructure together?
A: This specific release packages Batfish Enterprise just for AWS. But Batfish Enterprise has the capability to analyze your hybrid network. Please reach out to us (sales@intentionet.com), and we can help get you set up to analyze your hybrid network.
Q: Our security team deploys virtual instances of our firewalls in AWS to augment the native AWS security capabilities (Security Groups and Network ACLs). Does Batfish Enterprise handle this security model?
A: Batfish Enterprise for AWS does not support virtual instances of routers or firewalls in the initial release. This capability will be supported in a future release. If you can share the specific platforms that you are using, so that we can ensure we prioritize this work appropriately, please reach out to us (sales@intentionet.com).
Q: My company leverages multiple public cloud environments. Does Batfish Enterprise support Azure and GCP?
A: This specific release packages Batfish Enterprise just for AWS. But Batfish Enterprise is designed to support multiple public cloud environments and we will be adding support for Azure and GCP in a future release. If you can share more details on your multi-cloud setup, please reach out to us (sales@intentionet.com), so we can prioritize that work appropriately.