
AWS Lambda Architecture Diagram

March 23, 2022


AWS Lambda is a serverless compute service that executes code in response to events such as website actions, HTTPS requests, and files being modified or written to S3 buckets. A whole host of integrated AWS services can also trigger Lambda functions in response to a state change.

Lambda is one of the key services that is visualised by the Hava application when it auto generates your AWS network topology diagrams. 


Hava diagrams allow you to interact with them, so that when you select a resource on the diagram, the attribute pane to the right hand side of the diagram changes to display the metadata related to the selected resource.

This applies to the Lambda functions discovered when your AWS console settings are scanned by Hava and visualized on your VPC diagrams. Selecting a Lambda icon changes the attribute pane to show the details of that function.

From this information you can see at a glance a number of settings and attributes related to the Lambda function without having to swap out to your AWS console. The displayed information includes:

  • Runtime
  • Code Size
  • Memory Size
  • Timeout Setting
  • Version
  • Handler Name
  • Date and Time Last Modified
  • Tracing Config Mode
  • ARN Role Name
  • Security Group Details

So connecting your AWS account to Hava is the easiest way to visualise your Lambda instances and the VPCs they are related to. 

Hava was developed back in our cloud consulting days to assist with quickly getting to grips with new client AWS, GCP and Azure networks when we were engaged to help redesign or improve their business outcomes.

Manually mapping out diagrams from consoles was incredibly tedious and not something we looked forward to as it could take days to get to grips with a network and produce an accurate network topology diagram.

AWS VPC ARCHITECTURE DIAGRAM

Initially, getting the AWS VPC infrastructure mapped was our primary focus, which was achieved with the Hava Infrastructure View.


The Hava VPC Infrastructure view lays out your AWS VPCs into separate diagram sets. Subnets within the VPC are mapped within the columns of availability zones. The AWS VPC diagram generated also displays both internal and external resources. 

The diagrams automatically generated by Hava are interactive, which means clicking on any of the resource icons on the diagram changes the attribute panel to the right of the diagram which allows you to take a deep dive into the resource settings like security groups, IP ingress/egress ports, connected storage and so on. The VPC diagrams also display the estimated costs of each resource which are totalled for the entire environment when the environment is opened up.

The next development turned our thoughts to the relationships and connections between diagrammed resources, so we added the ability to toggle the view of connections on and off.


Right from the beginning, we decided to keep the Hava diagrams clean and free from non-essential resources like network interfaces, which could flood the diagrams with unimportant information and make them messy and confusing. The result is a clean and easy to read diagram.

Although these less important components are not on the infrastructure diagrams, you do need to know about these 'non-visualized' components, so we created the "List View". The List View is an extensive data set that lists all the resources discovered in your AWS configuration. This view lists both visualized and non-visualized resources.

The listed resources also have an estimated cost detailed against them.


One of the benefits of this list view is the ability to sort the list, including by descending costs. This reveals what resources make up the bulk of your estimated cloud spend which should help when you are looking to save cloud costs or explain to management which important resources make up the bulk of your AWS bill.

AWS NETWORK DIAGRAM SECURITY VIEW

The security view was the next diagram we added to Hava. Since we already had the configuration metadata and relationships coming back from AWS, our security focused clients asked if we could diagram the security relationships the same way we were able to visualize infrastructure. This led to the AWS Security View.


The Hava security view shows you all of your AWS security groups and overlays the open ports to show how traffic passes through your network. You can select a security group on the diagram to see all the connected resources in the attribute pane, as well as the ingress and egress port numbers and associated IP addresses related to that resource.

This high level view of your security groups can make some security config issues obvious, like ports used for development or testing that have been left open.

The Hava AWS security diagram is truly unique and is a result of a team of industry practitioners knowing exactly what information is important to security teams monitoring traffic across a network.

One of the benefits of having a team of grizzled cloud engineers behind a product like Hava as opposed to say a drag and drop flow chart drawing package, is that we are always close to the market and hundreds of front line cloud engineers. If we don't pick up new technologies and methodologies first, then our customers will, and are sure to send in feature requests which we endeavour to integrate into Hava as soon as possible.

This is evidenced by the rising popularity of AWS Container Services. As more development teams embrace containers to deploy applications and provide portability of software between environments, we added the Hava container view.


The container view displays your ECS Services and the contained ECS tasks inside an ECS Cluster.

AWS COMPLIANCE REPORT

How close is your AWS configuration to best practice? In addition to the diagrams produced by Hava, there is also a reporting module that contains the AWS compliance report.


The report details what resources, users and roles you have configured and which ones are in use. It will also analyse your AWS configuration and report findings based on AWS best practice. Findings are prioritised as high, medium and low severity and have a detailed explanation of the problem and the configuration policy at fault.

Whichever diagram or view makes the most sense or delivers the information your team needs to build and manage your environments, the upside to using a hands free automatic AWS Cloud Diagram Tool like hava.io is that your diagrams are sourced directly from your AWS configuration, so nothing is missed out and nothing can be added by mistake.

What you see is from the source of truth, always accurate and always up to date.

When your configuration changes, so do the diagrams, all automatically, all hands-free, no human interaction required. The diagrams that are automatically replaced are archived in a version history. You can open up the historical diagrams at any time you like. They are fully interactive so you can compare old configurations to new ones to find out what changed in the event of a problem or compliance audit.

The diagrams generated by Hava are also exportable. You can produce an AWS architecture PDF or a JPG for inclusion in your reporting as well as CSV and JSON.

HOW TO GENERATE AN AWS NETWORK ARCHITECTURE DIAGRAM

There are currently two options for using Hava to generate your cloud infrastructure diagrams.

Option 1: Hava SaaS

The SaaS option is by far the quickest and easiest way to start visualizing your AWS cloud infrastructure.

You simply create an AWS cross account role with read only permissions, then log into hava.io and connect your AWS account. Hava will read your AWS config data and render the diagrams and start to track any changes for audit purposes.

A 14 day fully functional trial is available (along with demo data) so you can try Hava for yourself. At the time of writing, no credit card is required to take the trial.

Option 2: Self Hosted

The self hosted option allows you to run Hava from within your own AWS infrastructure. If you have particular security or enterprise policies that prevent the connection of 3rd party applications to your cloud environments, then self-hosted may be the solution.

Both options are identical in functionality, but you will need to contact our support team to organise a self-hosted solution.

As well as using the application console to generate and view diagrams, Hava has a fully featured API that allows you to programmatically add and remove data sources, projects and diagrams.

We recommend requesting a one on one demo with our sales team if you would like to see Hava in action and explore the self-hosted option.

You can contact us via sales@hava.io or jump into a free trial here:


Written by Team Hava
