AWS network topology diagrams are used for many important tasks. Depending on your role, you will most likely be interested in the elements on the diagram that you are responsible for.
If you are a part of the security team, the security groups, access control lists and open ports will most likely be the elements that are of most concern. If you are a network architect, the overall construction of the network topology and making sure what was designed has been built would be one of your main uses for an up-to-date network topology diagram.
The uses for an accurate, up-to-date network diagram are endless. They can be used for:
- Onboarding new team members faster
- Identifying stale or obsolete resources
- Visually identifying security vulnerabilities
- Surfacing old unused development & testing environments
- Getting external consultants up to speed and saving a fortune in consulting fees
- Comparing versions to identify the cause of an outage
- Finding resources fast
If you are a database administrator, an accurate AWS RDS Architecture Diagram can easily surface all the resources you are responsible for.
On a standard Hava infrastructure diagram, the diagram is representative of a single VPC and will include all the running RDS instances.
On the diagram above we can see a typical VPC with subnets across two availability zones with multiple EC2 instances, some NAT gateways and load balancers.
If you are interested in the databases then the two EFS file systems and the MariaDB RDS instance are probably the resources you are most interested in.
By selecting the RDS instance on the bottom left of the diagram, the attribute pane changes to show the data related to the database without the need to switch out to your AWS console.
You can see lots of useful information about the database including:
- Instance name
- Database engine type (MariaDB)
- Engine Version
- Instance Class
- Allocated Storage
- Backup Status
- Maintenance Window
- Security Groups
The attribute pane also gives you an estimated cost of the Database.
So this is all well and good, but what if you have dozens or hundreds of RDS Database instances to administer across multiple AWS accounts? You can of course visit each VPC infrastructure diagram individually, but if you wanted to create an AWS RDS Architecture Diagram that gathers all your databases from all your connected cloud accounts onto a single diagram, you can.
Hava's custom diagram builder allows you to create a diagram drawn from all your connected cloud accounts which also include GCP and Azure. Using the query builder you are able to specify different criteria that need to be met for inclusion on the resulting diagram.
So if we were looking to create an AWS RDS Architecture Diagram with all our AWS databases from across all the AWS accounts connected to Hava, we could use the "type:" criteria. By selecting or entering type: into the query builder box at the top of the Hava environments dashboard, we can then select the resource type to include on this new custom diagram.
So in this example we'll create a diagram detailing all the RDS instances in the accounts connected to our Demo Hava account.
This will then create a diagram on the fly with all the discovered RDS Instances across any connected AWS account.
There is quite a bit of power behind this feature of Hava. It can be used as we are doing now, but it can also be used for complex searches where you layer the search criteria to customise the results. It can be used to find resources quickly, find a subset of resources from a particular source, or with a particular tag value, even if you are unsure what account or VPC the resource has been created in.
The resulting diagram using the AWS RDS Instance type search returns a diagram detailing 11 separate VPCs containing 28 databases made up of Aurora, PostgreSQL, MariaDB and MySQL databases.
We could expand the contents of the diagram by including other resource types in the initial search like, say, DynamoDB instances, RDS Clusters, EFS or even a Google Cloud SQL Instance.
Once this custom diagram is created you have the option of saving it to your Hava environment dashboard. Once you do that, the diagram will keep itself updated by continuously polling the resources on the diagram looking for changes. When changes are detected, a new version of the diagram is created and the superseded diagram is placed into version history.
The older versions are fully interactive, so you can drill into the attributes and settings when you need to see what historical configurations look like, which is useful when you are under pressure trying to identify the cause of an outage.
Getting started with Hava SaaS is simple: you can take a free trial using the button below. Hava also has a fully featured API for programmatic control of the production and retrieval of your network topology diagrams, and the entire application can be supplied for self-hosting should you have internal governance policies preventing connection of your AWS account to third-party applications.