AWS Architecture Diagrams 

Automated AWS Diagrams, Reports, Monitoring Alerts and Security Visualization



What is Hava?

Hava automates your AWS cloud documentation by generating a suite of interactive diagrams and reports when you connect Hava to your AWS account. Once connected, your diagrams are constantly updated so you always have accurate documentation to hand, and you can optionally set alerts to let you know when your architecture changes.

Creating AWS architecture diagrams with Hava is as simple as creating a read-only AWS cross-account role and plugging the credentials into Hava. The application will then scan your account configuration and produce a set of fully interactive diagrams laid out by VPC.

This automated process saves hours or days over traditional drag and drop diagram builders by providing logically laid out cloud topology diagrams that make it easy for your security team and engineers to see what's running where and helps identify potential improvements or vulnerabilities.

Versioning built into Hava means you can inspect how your architecture looked at any point in time, giving you the ability to compare any two revisions via Diff Diagrams.

Let's take a look at the different views of your network topology automatically generated by Hava. 


AWS Infrastructure View




Your AWS network will be visualized by logically laying out one VPC per diagram. The AWS regions discovered are represented by the columns within the VPC. Each region will contain the subnets configured within it.

With your environment visualised in this "Infrastructure View" you can select items and resources displayed on the interactive diagram to dig into the attributes of the selected resource, subnet or VPC.

This view gives you a visual prompt in relation to the regional redundancy built into your network design. Can your application survive an individual region outage? 

You are able to optionally display resource names and connections which by default are not displayed to keep the diagram uncluttered. There are manual canvas controls to scale and adjust the diagram. The standard infrastructure view out of the box provides the key information needed by Engineers, DevOps and Management and saves you hours or even days of tedious drag and drop diagramming. 

Being automated, your diagrams will reflect exactly what is running now in an easy to understand environment visualization.


Interactive Diagrams

Far from being a static diagram, all the diagrams created by Hava are fully interactive. Clicking on a VPC, Subnet or individual resource will change the attribute pane on the side of the diagram to display contextual information about the resource you just selected.


AWS Architecture Diagram auto generated by Hava


Should there be settings or items in the attribute pane that are selectable, doing so will reveal further information and details about that resource. When viewing the attributes of a top level VPC for instance, the security groups will be shown. Hovering over a security group name will highlight on the diagram all the resources that belong to that group.

Similarly, clicking on the security group name will change the contents of the attribute pane to the attributes of the selected security group.  This means that you can save valuable time by viewing attributes and deeper information about your visualized resources directly on the diagram without having to exit out to your AWS console.

There is also an "Extended Infrastructure View" that details more information on the diagram like external and internal IP addresses, full resource names, file storage capacities and a "List View" that provides a sortable list of all the discovered resources that is exportable. The list view data will contain items like network cards and rule sets that are not visualised on the diagrams.


AWS Container Diagrams

If you are building containerised solutions using AWS, Hava will visualise these in a "Container View" diagram.

The diagram below depicts an ECS Cluster with multiple ECS Service instances within the cluster that contain multiple tasks per service. The task status is represented by different colours for "Running", "Pending", "Stopped" etc.

Colour codes include Green = OK, Yellow = Transitioning, Red = Warning, White = Stopped or Empty which gives you an immediate visual guide of exactly what's going on and if anything needs attention.



AWS Security Diagrams

One of the most important aspects of cloud computing solutions is security and security should be a central component of your AWS diagram toolset.

Visualizing your AWS security configuration allows your security team to immediately see what security groups have been set up, what they control, what ports are open and how IP traffic enters and exits your network. 

A visualized security configuration can instantly highlight vulnerabilities like open ports or network ingress points that have been misconfigured. Your security team can potentially pick up problems in seconds that would otherwise go unnoticed or take hours to uncover trawling through console settings.


AWS Security Group Diagram Auto Generated by Hava


Custom AWS Diagrams

While automatically generated AWS diagrams delineated by VPC are incredibly useful and time saving, sometimes you need to diagram specific elements within your VPC or to collate resources from different VPCs or even different cloud providers.  

Hava's toolset addresses this with a very flexible query and search tool that allows you to build custom diagrams based on numerous criteria like region, resource name, VPC name and even arbitrary tags.

This enables you to customise diagrams to just include the key information you need that is dynamic and ready to view at a glance.

Custom Environment Diagrams can be used to:

    • Filter and diagram only the specific components of your environment you are interested in viewing

    • Combine data from separate environments into one diagram

    • Combine data from separate cloud providers into one diagram

    • View specific components from multiple sources on the one diagram

The search and filter box at the top of the environments dashboard is the starting point for creating a custom diagram and contains prompts for the available filters.



Using the region: search parameter, for instance, would return anything in the specified region, including resources in any matching Azure or GCP data sources you have connected to Hava.

For example, region:us-west-1 or region:us-west-2 would construct a diagram with any of your resources found in the nominated regions.

Quite complex queries can be constructed using the query/search function, like:

(vpc:vpc-1234 and ((CostCenter:dev and !Owner:"Jim Smith") or (CostCenter:test and !Owner:"Jim Smith"))) or
(vpc:vpc-4567 and (@type:"AWS::EC2::Instance" or type:"AWS::RDS::DBInstance"))


Using the Deep Search modifier "@" within the query, the search will also return resources connected to the ones that meet your search criteria.


You can use this feature to quickly locate a resource from within hundreds of connected cloud accounts with a single search command.


Always up to date

Automatically generating AWS network topology diagrams ensures you have accurate documentation. However, they are only accurate until the next configuration change. Hava continuously syncs your standard and custom diagrams, so an up-to-date documentation set is always at hand. Should you need "up to the second" updates, you can manually sync your data sources at any time to build a fresh set of diagrams on the fly using the Hava Console, Hava's CLI, API or one of the many pipeline integrations such as Terraform or GitHub.



While automatically updated AWS diagrams ensure your documentation is always up to date, you may need to know what your network looked like prior to the configuration change. During an audit or unexpected network behaviour you may need to know what the config looked like last month or even 3 months ago. 


AWS Environment Diagram Versioning


Hava addresses this important requirement by retaining a full interactive document set every time a diagram is superseded. The superseded document set is retained in a version history. The older versions can be opened and inspected interactively just like the current document set and even exported for external archiving. 

Diff View

One of the unique features of Hava is the ability to compare any two diagram versions using the Diff View.



This on-demand view shows you exactly what changed between the two architecture diagrams selected (points in time). You get to see what was added and what was taken away, which can be invaluable if you are trying to track down the cause of an outage or unexpected application errors.


Architectural Monitoring Alerts

When things change in your cloud architecture, you're probably going to want to know about it. Your security team might be quite interested too.




By setting up Alerts in Hava, you can nominate individuals to receive alerts when changes are detected. Alerts are placed in the Hava alerts console and an email is sent to everyone you nominate with a diff diagram showing you the changes that triggered the alert.

You get to know straight away so you can assess the impact on budget, security and application performance. You get to avoid architecture drift or nasty bill shock when the AWS invoice arrives at the end of the month.



Additional Reporting

In addition to the traditional diagram set you would expect from an AWS diagram application, Hava also includes an AWS compliance report. This management style report is based on the AWS trusted advisor methodology.

The AWS Compliance report includes an account summary, region usage analysis, interactive graphs covering resources by region, total resources in use, IAM users and roles and finally a report segment on AWS compliance.

The findings will highlight configuration issues and tag them as low, medium or high concerns and will detail the findings and suggested best practice resolutions.

The reports are automatically generated and can be exported on demand.


Embeddable Viewer 

Hava provides an iframe code generator that allows you to embed a fully interactive diagram anywhere that allows iframes.  This allows you to provide access to diagrams without API calls, log in credentials, or complex code.

Typically used for intranets, wikis, documentation, development cards, support tickets, and dashboards.

Hava's Confluence plug-in allows for easy placement of live interactive Hava diagrams in your Wiki.



Hava has a fully featured CLI 

This will enable you to perform functions like adding new cloud accounts or environments to your Hava account as well as generating and updating diagrams as you deploy resources via IaC or command line scripts.

This delivers absolute real-time architecture and security diagrams without the need to wait for scheduled syncs or having to request updates manually.

This powerful tool is a CLI binary that interfaces with the Hava API so that cloud practitioners can script commands inside pipeline tools like:

  • GitHub Actions
  • GitLab CI
  • Azure DevOps
  • Circle CI
  • Buildkite
  • Jenkins

Leveraging Hava's CLI ensures your cloud documentation is updated in real-time from right within the CI/CD tools you already use.





Hava has a fully featured API that enables you to pull config data, fire sync requests and perform any number of tasks and functions.

The API can be used to extend Hava's functionality. Customers have documented tasks like adding animated gifs of a network topology diagram as a build pipeline artifact.

The API functions include listing and creating environments, fetching and exporting diagrams in various formats, JSON exports, fetching and creating teams and team members and creating, fetching and syncing your AWS, Azure and GCP data sources.



There are a number of product specific integrations built by Hava to make integrating or triggering diagrams easy.

The Confluence plug-in allows you to place interactive diagrams directly into your Confluence Wiki.


There are also a Terraform provider and GitHub Actions that make it easy to trigger diagram production and retrieval as part of your CI/CD pipeline activity so you can capture architecture states at the point they are deployed.


Export Diagrams & Reports


Hava provides an export function on each diagram type so you can export your diagrams and the underlying data out to your preferred destination. 

These options include:

    • PDF
    • PNG
    • VSDX  ( Editable diagrams using Visio or )
    • CSV
    • JSON

The export function, and in particular the VSDX export provides the ability to edit and embellish your diagrams outside of the Hava application.

The other options make up-to-the-minute cloud architecture documentation instantly available for a range of use cases including presentations, archiving, stand-ups and onboarding new engineers faster.


SaaS or Self Hosted

The Hava SaaS is ready for you 24/7.  Simply pick a plan and you'll be set up with a free trial within seconds.

Create a set of read-only credentials and connect your cloud to Hava. 

Within a few minutes Hava will map your cloud configuration and produce a full set of  interactive diagrams.

You can access a free 14 day trial to any of the available SaaS plans via the button below.  No credit card required.


AWS Marketplace

We understand that you might want to get your hands on diagrams right away, but the procurement process within your organisation may make that a longer process than you would like. To help remove that friction, you can add Hava to your existing AWS bill by signing up to Hava via the AWS Marketplace inside your existing AWS Console. This removes the need to add us as a new vendor within your accounting system and all the trials and tribulations that usually involves.



Just search for "Hava" in AWS Marketplace


In some circumstances your enterprise cloud security or internal policies prevent connecting to external 3rd party applications. Also geographical data storage considerations can dictate where you can store data in some localities. The solution to this is Hava's self-hosted enterprise solution that enables you to host and operate Hava within your network.

Please talk to us if self-hosted is your preferred option. 


Do you still have questions?

Hava fully automates your AWS diagramming and documentation by producing accurate diagrams that can be used for compliance and audit purposes, help you understand your cloud architecture visually, help you onboard new engineers faster and help your security team quickly identify vulnerabilities.

If you would like a personal walk through Hava to see how it can help you in your day-to-day AWS cloud management and documentation challenges, we would be happy to arrange a one-on-one screen share demonstration with one of our customer success team.  If you would like to do that, or just have more questions, please use the chat widget in the bottom right hand corner of this page. It's connected to a real person with in-depth knowledge of the application who will be happy to discuss your use-case or requirements. 


Hava currently supports AWS, Microsoft Azure, Google Cloud Platform and stand alone Kubernetes