When your mind turns to cloud network diagrams, Microsoft Visio is often the first thing that springs to mind. That's not surprising, given the popularity of this accomplished desktop flow chart/drawing application.
But is it the best way to diagram your AWS infrastructure?
The simple answer is yes and no. Let me explain.
If you are designing a new network or resources and infrastructure for a new application that does not exist yet, then you have little option but to use a manual drawing package to visualize your design.
Visio comes with an AWS icon library that you can use to build out a visualisation of your network, which you can use to communicate the design to your team or as supporting documentation for a pitch to internal stakeholders or for client proposals.
But what if your infrastructure is already built, or you have multiple AWS accounts for your organisation or under management for clients in a consulting or managed service provider scenario? It would be a massive, time-consuming task to manually map out your environments onto a Visio diagram. It's possible of course, but if you have hundreds or thousands of resources the task starts to look a lot more problematic, and who's got time for that?
Then of course you have the issue of dynamic resources, such as auto scaling groups periodically adding or removing EC2 instances. If you want your diagrams always up to date, you would need to monitor what is changing, spin up Visio and edit the diagrams. Then, to add salt to the wounds, by the time you add the scaled resources, the chances are they have been scaled back in and are no longer active.
So using Visio to create complex network topology diagrams of your AWS environments might not be the ideal approach. However, all is not lost: there is a way to automatically generate cloud network diagrams that can be passed to Visio without all the hard work you would need to do if you were drawing the diagrams from scratch.
Instead of trawling through your AWS console, collating a large list of resources, splitting them into individual VPC sets, noting down the settings and mapping them manually, you can use a purpose built solution to do all the hard work for you.
Hava is an application that connects to multiple AWS accounts that you control and, once connected, automatically generates network topology diagrams for each VPC discovered.
This process is hands-free, no drawing or drag and drop required. In fact at this point Visio isn't required at all.
The diagrams are fully interactive, which means you can select a resource on the diagram and all of its known settings and metadata are displayed to the right-hand side of the diagram.
The diagrams auto-update, which means that when changes are detected, Hava generates a new diagram set and places the superseded diagrams into version history. These historical diagrams are also interactive and have the same functionality as the live diagram.
On top of the individual resources held within the subnets and availability zone columns, Hava also analyses the security groups associated with the diagram assets and maps these out in a security view.
As you can see from the above screenshot, all of the security groups are stacked and selectable so you can view the essential details about the group, like its ingress/egress ports, IP addresses, attached resources and so forth.
Overlaid on the security groups are the open ports, which gives your security team an at-a-glance method of spotting security issues that may exist but are difficult to determine when looking through console settings. Vulnerabilities may be sitting there and won't show up in any logs until they are exploited, which is a bit too late.
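As an added illustration of the kind of check a security view makes visual (example code written for this article, not Hava's code or output), the routine below walks a constructed list of security groups in the shape of an EC2 DescribeSecurityGroups response and flags ingress rules that expose admin or database ports to the whole internet. The group ids and rules are made up for the example.

```python
# Added example, not Hava's code: flag ingress rules open to the whole internet.
# SECURITY_GROUPS is constructed in the shape of an EC2 DescribeSecurityGroups
# response; group ids are hypothetical.
SECURITY_GROUPS = [
    {"GroupId": "sg-0example1", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0example2", "GroupName": "db-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        # "-1" means every protocol and port; FromPort/ToPort are then absent.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]

WORLD = {"0.0.0.0/0", "::/0"}
# Admin and database ports that should rarely be reachable from anywhere.
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433, 6379, 27017}

def world_open_ports(sg):
    """Return (from_port, to_port, protocol) for rules reachable from 0.0.0.0/0 or ::/0."""
    found = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not WORLD.intersection(cidrs):
            continue
        proto = perm["IpProtocol"]
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        found.append((lo, hi, proto))
    return found

def risky_findings(groups):
    """Map group id -> world-open rules that cover a sensitive port or all ports."""
    out = {}
    for sg in groups:
        hits = [r for r in world_open_ports(sg)
                if r[2] == "-1" or any(r[0] <= p <= r[1] for p in SENSITIVE_PORTS)]
        if hits:
            out[sg["GroupId"]] = hits
    return out

if __name__ == "__main__":
    for gid, hits in risky_findings(SECURITY_GROUPS).items():
        print(gid, hits)
```

The same functions work on the real response from boto3's `describe_security_groups`, since only the `IpPermissions` structure is read.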
So this is all well and good, but what has it got to do with AWS diagrams for Visio?
The answer is Hava can export VSDX files from the auto generated diagrams.
As well as Visio, there are also CSV and JSON exports to ingest into other software or to interrogate programmatically, as well as PNG and PDF to insert into management reports, or to print out and put on your wall to let your colleagues know how awesome your design skills are.
While the native Hava diagrams give you pretty much everything you need, sometimes you want to use the current diagram as a starting point for some redesign work, or maybe you would like to embellish the diagrams for some purpose.
Hava maintains the integrity of generated diagrams by preventing the addition or removal of resources within the application, so the diagrams always stand up to scrutiny in an audit scenario; the VSDX export is therefore the pathway for editing.
Once you export the VSDX file you can open it in Visio (or draw.io if you don't have access to Visio) and edit away:
All the icons are individual elements, so you are able to move, delete, add resources and of course overlay text, draw lines etc, all the fun stuff that comes with a manual diagramming application.
Using Hava to export your live network topology from AWS into Visio will without doubt save you hours of your valuable time as well as providing an accurate starting point for whatever work you are about to commence.
You can of course try this out for yourself. Simply follow the button below, take a completely obligation-free 14-day trial of Hava, connect a cloud account or import some sample data, and have a play around with the export functionality. The trial is 100% free and no credit card is required.