
AWS Diagram Generator

April 17, 2020


There's no cloud dev team on the planet that wouldn't benefit from accurate cloud architecture diagrams.

Bold claim, but you know it's true.

Visualizing your cloud infrastructure allows you to immediately comprehend what is running where in your cloud accounts and how it all hangs together.

The major problem with diagrams, though, is that they take forever to draw manually, and the second you finish one, the config changes and it's out of date.

It can be a full-time job keeping on top of accurate cloud documentation.

Massive time suck!  You've got way better things to do, so why bother?

Chances are you work to deadlines. There's new code to push. There are new features and capabilities to roll out across your infrastructure, and management, as always, wants it yesterday. So any time savings you can find in your build pipeline have to be a good thing.

If you're onboarding a new dev team or engineer, do you talk them through the infrastructure, hand them login credentials, point them at the consoles and let them work it out, or do you drag out the whiteboard and start drawing?

If you had your AWS infrastructure in diagram form, or better yet, an interactive AWS network diagram, they could visualize the network, see all the VPCs laid out in a logical format, and see all the resources: the EC2 instances, the databases, the gateways. Chances are you've just saved hours or days getting them up to speed.

The Hava AWS Diagram Generator achieves this in a few short minutes.


Plug in your AWS credentials by way of a cross-account role and, in just a few minutes, you'll have up-to-the-minute, accurate diagrams that reflect exactly what you have running where.

Once connected, Hava fires the AWS Diagram Generator and your dashboard will be populated with all the VPCs you have configured.

You can drill into any of the resources and see all the attributes that relate to it: where it's running, what security group it belongs to and what subnet it's running in.


A seasoned professional can cast an eye over a network topology and spot immediate redundancy issues. What if the us-east-1d availability zone has an outage? Will the network hold up? Will all the critical databases be available? Do the ELBs distribute traffic to all the configured AZs?

With a well laid out diagram, it's super simple.  With Hava you can add GCP and Azure into the mix. We work with all three.

You can of course choose to do this work manually.  It's possible, but in our opinion this is a poor choice.


Setting aside the fact that a large network could take days or weeks to diagram, you are leaving yourself open to human error. Adding resources that aren't there any more or completely missing resources you weren't aware of are both common errors. Trust us, in our cloud consulting days, we've made them all!

We had a client connect their AWS account to Hava for the first time. It revealed an old test environment that was costing close to $30k per year that nobody knew about. Just one RDS instance with a big chunk of test data. Nothing else in the subnet. Untouched for years. $2.5k per month... ouch.

What about diagram updates?

Keeping diagrams up to date is generally where the best intentions go astray. Especially in the fast-moving, dynamic public cloud space, things change rapidly and keeping diagrams up to date manually is very often overlooked. That is partly down to workload pressures and most certainly influenced by priorities. Keeping cloud documentation up to date is the last thing on everyone's list.

Until something goes wrong!

Then having an accurate set of documentation is critical. What changed? What's missing that was there yesterday? Who knows?

With Hava, you do!

Once you connect your cloud accounts to Hava, we poll your config data continuously and record the changes. Once a change is detected, the old diagrams are archived and a new set is produced automatically. All hands-free.

You now have a complete audit trail of all config changes, plus you have a minty fresh new set of diagrams to show management or auditors whenever they ask.

You can hop into versioning and pick diagrams from any two points in time and run a revision comparison on them, so you can see exactly what changed. 


Talking of auditors, if you get a PCI compliance audit or tricky questions from a legal or insurance perspective, you always have the documentation to show what your network looked like at any point in time. Documentation that's 100% accurate that will stand up to scrutiny because there's no way to modify the diagrams. They always represent the truth.


While diff diagrams are super helpful in diagnosing changes after the fact, you may want to keep on top of changes as they happen.

Hava's architecture monitoring alerts will let you know the minute a change is detected. You simply nominate the environment you wish to monitor and add a group of recipients to receive the alerts. When a change is detected, like the addition or removal of a resource, Hava will send each recipient a diff diagram showing the changes.


Now you and your security team can be across every change as it happens so you can assess and take action if required.


For every architecture diagram generated you have the ability to add text comments. This serves as a rolling dialogue your team can contribute to that may better explain elements of the diagram or bigger picture concepts related to the diagram.

Notes are accessed from the accordion menu within the attribute pane.


New notes are added to the top of the list so they are stored in chronological order.




If you would like to take Hava for a two-week free trial (no credit card required), then hit the button below to learn more about the capabilities, diagrams and views Hava will create for you by simply connecting your AWS account(s).

P.S. You'll need a bit of screen real estate to appreciate the diagrams, so it's best to use a desktop to sign up and take the trial.







Written by Team Hava

The Hava content team