
5 Reasons Why You Should Automate Your Cloud Diagrams

August 17, 2022


Visualising your cloud network topology via diagrams is an incredibly useful undertaking that can ultimately save you masses of time on a number of fronts.

Back in the dim dark past, this was done on whiteboards or by busting out a drag and drop charting software package like Visio. Thankfully those days are behind us. You can now simply connect your cloud accounts to Hava and have your AWS, Azure, GCP and Kubernetes diagrams automatically generated and then kept up to date on autopilot.

But why would you need to keep up to date network diagrams on hand in the first place? Having talked to hundreds of cloud engineers over the years, and after some quiet, considered reflection, we came up with a list of the most common reasons that you would use a tool like Hava to automate your cloud documentation.

Reason 1: Reduce Time to Resolve Issues

When things go wrong you obviously need to respond and identify the issue as fast as possible. If you have a baseline diagram showing all the resources and settings that existed when your application or network was behaving correctly, you now have the ability to compare that to what is running now.

You could either sit two diagrams side by side and visually compare drawn resources and metadata to identify the changes, or you could export to JSON or CSV and diff the versions to highlight what has changed.

Because Hava retains superseded diagrams in a version history every time a new diagram is generated in response to a detected config change, you have an audit trail on hand for comparison purposes. This can prove very useful in an audit scenario too.

Reason 2: Onboard Your Team Faster

When you automate your cloud diagrams you always have an accurate representation of what you have running where.

This means you can show a diagram to your existing team or new team members that you are onboarding and you can instantly communicate what is going on in your network without having to resort to lengthy management console sessions and getting light headed due to the whiteboard marker fumes.

Having a well laid out accurate diagram will get new team members or expensive consultants up to speed with the construction of your cloud infrastructure in minutes instead of days. Not only is this a massive time saving, but also a major cost saving should you be paying consultants to work it out for themselves.

Reason 3: Understand your Network and Cyber Risk Posture

One unique aspect of Hava's automated diagrams is the security view diagrams generated for AWS and Azure in addition to the infrastructure diagrams.

Hava infrastructure diagrams show you your virtual networks, the subnets, availability zones and all the resources running in them so you know exactly what is running where. Hopefully when you look at a Hava infrastructure diagram you will be able to spot rogue resources that shouldn't be running or are a legacy of the development and testing regime that are no longer required. This happens a lot and our clients have saved a significant amount of cloud spend when these resources are identified and shut down.

The security group view generated by Hava is the next step in ensuring your network is as secure as it should be. The security view shows you all of your security groups and also overlays arrows that indicate how traffic enters and exits the network. Open ports and protocols are overlaid on the diagram so you can visually assess the ingress and egress of traffic and which security group is controlling access.

A trained eye can immediately spot ports that are open but shouldn't be, or are routing traffic to endpoints that aren't appropriate. This visualisation of your cloud security can surface issues that would be difficult to spot in the management console.
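The JSON diff from Reason 1 and the open-port check described here can be combined in a few lines. This is an added example, not Hava's code: the export layout and field names (`id`, `ingress`, `proto`, `from`, `to`, `cidr`) are assumptions made for illustration and the two exports are constructed samples, so map the fields to whatever your real export contains.

```python
import ipaddress
import json

# Constructed sample exports; the field names are assumptions, not Hava's schema.
BASELINE = json.loads("""[
  {"id": "sg-web", "ingress": [
    {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"}]},
  {"id": "sg-db", "ingress": [
    {"proto": "tcp", "from": 5432, "to": 5432, "cidr": "10.0.1.0/24"}]}
]""")
CURRENT = json.loads("""[
  {"id": "sg-web", "ingress": [
    {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"}]},
  {"id": "sg-db", "ingress": [
    {"proto": "tcp", "from": 5432, "to": 5432, "cidr": "::/0"}]}
]""")

def rule_set(export):
    """Flatten an export into a set of (group, proto, from, to, cidr) tuples."""
    return {(g["id"], r["proto"], r["from"], r["to"], r["cidr"])
            for g in export for r in g.get("ingress", [])}

def diff_ingress(baseline, current):
    """Return (added, removed) ingress rules between two exports, sorted."""
    old, new = rule_set(baseline), rule_set(current)
    return sorted(new - old), sorted(old - new)

def is_world_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def risky_additions(baseline, current, public_ports=frozenset({80, 443})):
    """Added rules open to the world on any port outside public_ports."""
    added, _ = diff_ingress(baseline, current)
    return [r for r in added
            if is_world_open(r[4])
            and not set(range(r[2], r[3] + 1)) <= public_ports]

if __name__ == "__main__":
    added, removed = diff_ingress(BASELINE, CURRENT)
    for r in added:
        print("+", r)
    for r in removed:
        print("-", r)
    for r in risky_additions(BASELINE, CURRENT):
        print("REVIEW:", r)
```

Comparing rules as sets keeps the diff independent of the order in which the export lists them, and checking the prefix length catches `::/0` as well as `0.0.0.0/0`.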


Reason 4: Find Resources Fast across Multiple Clouds

When you are managing multiple cloud accounts, whether from one vendor or many, there may come a time where you need to track down a resource that could be in any one of hundreds or possibly thousands of accounts.

Say for instance a particular database type or version is being retired and you need to find out which accounts and networks out of thousands are using that database. It could be extremely time consuming to log into each management console to track them down.

Or maybe you receive an error log warning related to a specific IP address. Which VPC or virtual network is using that IP address or range? Again, you would need to go into each management console individually to locate the IP address.

When you have all your cloud accounts connected to Hava, you can use a single search query to surface and diagram the thing you are searching for. One command will go through all your connected data sources, whether they are AWS accounts, Microsoft Azure, Google Cloud or even standalone Kubernetes clusters. You can search for specific resource types, IP addresses, resource names, VPCs, subnets, resource groups, GCP projects plus lots more including user generated tags and key pairs.

One command to simultaneously search thousands of networks across multiple vendors. We're not sure there is a faster way available to find what you are looking for if you are an MSP or enterprise with a large number of virtual networks.

Reason 5: Embed Auto Updating Diagrams in your Documentation

Cloud infrastructure diagrams are great. They are even greater if you can place them where they can be of the most use.

Hava's embeddable diagram viewer allows you to place three types of diagram into external web properties.

  • A fully interactive diagram with potentially sensitive settings and metadata
  • A light version which is interactive but suppresses sensitive data
  • A static PNG

By sharing the diagram and placing the viewer code snippet into an external web page or markdown document, users can view your diagrams without needing to be logged into Hava.

This is perfect for adding live diagrams to a development Wiki or adding a self updating PNG into a GitHub readme.md file for a project.

What sets the Hava viewer aside from simply dropping a static JPG or PNG is that the URL endpoint of the diagram is dynamic. This means that any diagrams you have embedded in other web properties are self updating. When Hava detects a config change and refreshes the diagram in your Hava environments console, the diagrams at the end of the embedded viewer URL also update. So embed once, and the diagrams will self update without any action on your part.

If you are still toiling away with drag and drop drawing applications, or paying consultants thousands to map out your cloud networks, why not give Hava a go and regain your time and sanity? There's a 14 day free trial, no obligation or credit card required.


Who knows, you might find a bunch of unused resources or entire dev and test environments that are costing you a fortune but you don't use anymore, or maybe you'll discover the potential for Hava to save you mountains of time on an ongoing basis. Put in place an automated mechanism to help with your annual compliance audits and keep up to date network diagrams on hand whenever you need them.



Written by Team Hava

The Hava content team