5 min read

AWS Diagram Tools

October 13, 2020


If you have worked with AWS for any length of time, you will understand the importance of using effective AWS diagram tools.

Well laid out AWS network topology diagrams instantly communicate the state of play of your AWS infrastructure so your engineering team, management and consultants can easily understand what is running, where it is running and how the network hangs together.

Understanding how well designed your AWS infrastructure is does not stop at simple environment resource diagrams.  Understanding your infrastructure security, how your configuration complies to AWS best practice recommendations and how resilient your network design is to region outages are all considerations to think about when selecting your AWS diagram toolset.

Automation is also a consideration from both an efficiency and accuracy perspective. If your documentation solution can automatically generate well laid out network topology diagrams and keep them automatically updated when your environment changes, whilst also tracking changes in a version history, you'll be saving a massive amount of time over manually creating diagrams and keeping them up to date.

In this post we'll take a closer look at how hava.io addresses these important considerations and how this is achieved in a single application to auto generate AWS diagrams.

AWS Infrastructure Diagrams

Creating AWS infrastructure diagrams with hava.io is as simple as creating a read-only AWS cross-account role and plugging the credentials into Hava.  The application will then scan your account configuration and produce a set of diagrams laid out by VPC.


The AWS regions are represented by the columns within the VPC which each contain subnets configured within the region. With your environment visualised in this "Infrastructure View" you can select items and resources displayed on the interactive diagram to dig into the attributes of the selected resource, subnet or VPC.

This view gives you a visual prompt in relation to the regional redundancy built into your network design. Can your application survive an individual region outage which has been known to happen from time-to-time. 

With optional display of resource names and connections to keep the diagram uncluttered and manual controls to scale and adjust the diagram, the standard infrastructure view out of the box provides provides the key information needed by engineers, DevOps and management.

An "extended infrastructure view" expands on the data displayed on your AWS infrastructure diagrams and an additional "List View" diagram provides an extensive list of discovered resources that do not get visualised.

AWS Container Diagrams

If you are building containerised solutions using AWS the Hava application will visualise these in a "Container View" diagram.

The below diagram depicts an ECS Cluster with multiple ECS Service instances within the cluster that contain multiple tasks per service. The task status is visualized using different colours. ie "Running", "Pending", "Stopped" etc 

Colour codes include Green = OK, Yellow = Transitioning, Red = Warning, White = Stopped or empty which gives you an immediate visual guide of exactly what's going on and if anything needs attention.


AWS Security Diagrams

One of the most important aspects of cloud computing solutions is security and security should be a central component of your AWS diagram tools.

Visualizing your AWS security configuration allows you security team to immediately see what security groups have been set up, what ports are open and how IP traffic enters and exits your network. 

A visualized security configuration can instantly highlight vulnerabilities like ports opened during development and testing that should have been closed or network ingress points that have been misconfigured. Your security team can pick up problems in seconds that would otherwise go unnoticed or take hours to uncover trawling through config settings.


Custom AWS Diagrams

While automatically generated AWS diagrams delineated by VPC are incredibly useful and time saving, sometimes you need to diagram specific elements within a VPC or collate resources from different VPCs or even cloud providers.  This could be driven by individual projects, development vs production or hybrid cloud design. Hava's toolset addresses this with a very flexible query and search tool that allows you to build custom diagrams based on numerous criteria like region, resource name, VPC name and even arbitrary tags.


You can stack your query parameters to build a custom diagram from the returned resources. Using the Deep Search modifier within the query, the search will also return resources connected to the ones that meet your search criteria.

Once saved, the custom diagram will auto update every time a configuration change is detected and a version history retained as if it was a system generated diagram.

Always up to date

Automatically generating AWS network topology diagrams ensures you have accurate documentation. However they are only accurate until the next configuration change. Hava continuously syncs your standard and custom diagrams, so an up-to-date documentation set is always at hand.


While automatically updated AWS diagrams ensure your documentation is always up to date, you may need to know what your network looked like prior to the configuration change. During an audit or unexpected network behaviour you may need to know what the config looked like last month or even 3 months ago. 


Hava addresses this important requirement by retaining a full interactive document set every time a diagram is superseded in a version history. The older versions can be opened and inspected interactively just like the current document set and even exported for diffing or external archiving. 

Additional Reporting

In addition to the traditional diagram set you would expect from an AWS diagram application, Hava also includes an AWS compliance report. This management style report is based on the AWS trusted advisor methodology.

Reportsv2The AWS Compliance report includes an account summary, region usage analysis, interactive graphs covering resources by region, total resources in use, IAM users and roles and finally a report segment on AWS compliance.

The findings will highlight configuration issues and tag them as low, medium or high concerns and will detail the findings and suggested best practice resolutions.

The reports are automatically generated and can be exported on demand.

SaaS or Self-hosted

Hava's AWS Diagram tools are available as cloud based SaaS where you simply connect a set of cross-account role credentials.  

Due to some regional data regulations and corporate policy limitations, Hava is also available as a self-hosted application that can be run within your own cloud infrastructure.

You can take a free 14 day trial at any time to see what your AWS, GCP or Azure environments look like.  We can also arrange a personal 1:1 live screenshare demonstration of Hava for you and your team if you would like a walkthrough of the capabilities of hava.io - no pressure or obligation. 

Learn More!


Team Hava

Written by Team Hava

The Hava content team