If you have been working with AWS cloud infrastructure for any length of time, you will probably used or at least heard of Cloudcraft.
Cloudcraft started life as a manual AWS infrastructure diagram tool and later added some AWS infrastructure scanning capabilities.
It's great for manually creating proof of concept diagrams for infrastructure that doesn't exist yet, but if you are running larger enterprise environments or utilise multiple cloud vendors other than AWS, like GCP or Azure, then you might be looking for a Cloudcraft Alternative to fully automate your AWS, GCP, Azure or even hybrid cloud infrastructure diagrams.
Even if you are only building on AWS, there is a chance your DevOps or Security team could benefit from better laid out more comprehensive diagrams, security group and traffic visualization, compliance reporting and a fully automated diagram update regime that stores version history that allows you to interrogate network infrastructure that has been superseded.
All these things can be found within hava.io which we believe is the obvious choice for any organisation looking for a Cloudcraft Alternative.
Lets take a look at what you can take advantage of when you integrate Hava into your cloud tech stack.
Multiple Cloud Vendor Diagrams
At the time of writing, the largest vendor in cloud space is Amazon Web Services. Creating AWS diagrams with Hava is as straightforward as creating a set of cross account role credentials and plugging them in.
AWS Cloud Architecture Diagram
The diagram is logically laid out by VPC and has separate columns for each availability zone detected. Within the AZ columns each subnet found is visualized and contains the individual resources.
An overall cost estimate is displayed for the environment in total, however the interactive nature of the diagram enables you to select individual resources to take a deep dive into the attributes, costs and associations that resource has configured.
Azure Cloud Architecture Diagram
One of the drawbacks of Cloudcraft (as of writing this) is the lack of Azure integration. Whether you are utilizing Microsoft Azure as your primary cloud provider, or using it a part of a hybrid cloud strategy, creating auto generated and auto updating diagrams using Hava is equally as simple.
The generated Azure diagrams are automatically generated and also automatically updated every time a resource configuration change is detected. Which means once set up, you no longer have to manually trigger documentation updates.
Google Cloud Platform Infrastructure Diagrams
Another popular cloud platform not currently supported by Cloudcraft at the time of writing this is GCP. Just as with AWS and Azure, all you need to do is create a set of read-only credentials, connect them to Hava and you'll have automatically generated, perpetually updated diagram sets and a version history that you can interactively inspect as if it was the current live configuration.
Hybrid Cloud Diagrams
Increasingly, DevOps and cloud engineers take advantage of the strengths of multiple cloud platforms when designing application infrastructure. If you need accurate, automated diagrams that contain all the resources from multiple cloud providers, then you'll definitely need an alternative to cloudcraft.
To achieve multi vendor diagrams, you can create and save custom diagrams from queries. This lets you join say an AWS VPC with an Azure Virtual Network and/or a GCP project or VPC. There is no restriction on the combination.
Once the custom diagram is saved, the same auto update and version history rules are applied. Create once and the diagrams remain up to date automatically.
Interactive Cloud Diagrams
All iterations of Hava diagrams are interactive. You can zoom in/out, use the canvas controls to adjust the layout but more importantly, select individual resources to view their attributes. Selecting the RDS resource from the below diagram for example changes the attributes pane to display all the knows attributes for the database.
Should any of the settings in the attribute pane also be selectable, you are able to drill down to look at all the other resources connected to that attribute. If you were viewing the attributes for an EC2 instance and selected one of the security groups the instance belonged to, then the entire security group attributes are displayed, even though the SG isn't visualized in the infrastructure view.
One of the unique visualizations you won't find in Cloudcraft is the Hava AWS Security View. This visualization displays all of your configured security groups. Each group can be selected to view all the attributes for the Security Group in the attributes pane.
Open ports are visualized on top of the security groups to enable a visual appreciation of the traffic flow and traffic ingress/egress. More importantly, this enables your security team to instantly spot potential security issues.
All the above diagrams are exportable and can generate embed code allowing you to embed interactive cloud diagrams anywhere.
When you connect your AWS, Azure or GCP accounts to Hava, a few powerful time saving processes are set in motion.
- Infrastructure diagrams are automatically generated showing you exactly what is running in your cloud accounts. This is hands free with no drag and drop diagramming required.
- Security views are generated for AWS and Azure environments showing how your security groups are configured and how they prevent or allow traffic to flow through your application infrastructure.
- Automatic continuous monitoring is instantiated so that diagrams are updated when changes are detected within your cloud config, with the superseded diagrams being placed into version history.
The continuous monitoring aspect is where Hava's Architectural Monitoring capability comes into its own.
When changes are detected during an automatic sync, a visual representation of the changes detected is created. You specify who should be emailed the notifications. This provides not only an immediate heads up that something has changed, but also provides you with contextual architectural insights to augment any observability platforms you may already have in place.
The recipient receives an email with a Diff diagram highlighting what changed, what has been added and what has been removed from your environment.
You will also get notified when a previously unseen service is deployed. This means if suddenly a Lambda instance shows up and you haven't used Lambda before, you will get a specific alert letting you know.
You can nominate as many people as you like to receive architectural monitoring alerts.
This is particularly useful for security teams, especially if you have a large developer team or multiple teams constantly deploying infrastructure changes. It helps your security team monitor infrastructure and pick up on unexpected changes and any associated security issues.
AWS Best Practice Compliance Reports
One reason you may be looking for a Cloudcraft Alternative is having an expanded suite of reports contained in the one application to monitor and improve your AWS configurations.
Hava delivers this with a separate reporting module separate to the diagrams. Currently containing and AWS Compliance report, the reporting module monitors your AWS configuration and measures it against AWS best practice trusted advisor methodology.
As you would expect from Hava, the reports are automatically generated daily and ready for viewing on demand as part of the application.
The exportable report details your region usage to assist with optimising load speed and latency of your applications when compared to the location of your users.
The region report may also assist in demonstrating your data resides in an appropriate geographical location should you be subject to local data compliance regimes like GDPR.
Several graphs highlight resource usage per region, total resource usage and the number of IAM users and roles.
The best practice findings graph visualizes the number and severity of adverse compliance findings, with the report going on to detail the findings.
Hava has a fully featured API enabling the integration and animation of network documentation into CI/CD build pipelines like Terraform.
You can also leverage the API to create bulk data sources in a large enterprise scenario, download diagrams for off-cloud storage, initiate diagram synchronisation ahead of the normal sync schedule. There are lots of use cases for Hava's fully documented API.
No manual drag and drop
The ability to drag and drop non existent resources onto a diagram is where we choose to differ from almost all applications in this space.
Hava diagrams are 100% generated from your actual cloud configuration.
We believe that the minute you introduce manual "adjustments" to what is essentially documentation that represents the source of truth, then you can call into question the accuracy and validity of your documentation. Dropping a firewall WAF ACL onto your diagram won't stop network intrusions in the real world.
This means your diagrams are created in seconds or minutes without you having to waste any valuable time creating anything manually.
If you do need to annotate or embellish documentation, then we provide options.
Manually Manipulating and Exporting diagrams
The only way to manipulate Hava diagrams is to export them. This ensures the diagrams held within your dashboard remain true and accurate.
There are a number of export options.
To take the completed image, you can export to PDF or PNG image formats.
If you require the raw data, then the CSV or JSON file export will allow you to do that. This can be especially useful if you need to Diff large environment diagrams to quickly identify resource configuration changes causing problems.
If you need to manipulate infrastructure diagrams to say add proposed resources for a configuration change proposal, or embellish the diagrams for management reports or presentation purposes, then the VSDX file export will assist with this.
The VSDX file can be opened and edited with Visio and other programs that support VSDX file formats like draw.io
SaaS or Self Hosted Cloudcraft Alternative
Understandably security is top of mind when it comes to connecting your corporate cloud accounts to third party software.
We take every measure to ensure your configuration data remains safe and secure like using encryption at rest, insisting on read-only access and only storing configuration settings, never database or user file contents.
That said, sometimes enterprise clients insist on running Hava from within their own infrastructure, which is where our Self-Hosted solution comes into play. Running Hava is entirely possible from you own AWS, GCP or Azure infrastructure, with zero call home network traffic. Once installed, we'll notify you when updates are available and you can pull the updates into your ecosystem.
We truly believe Hava provides the best diagram layouts out-the-box for your AWS, GCP and Azure network topology diagrams and has the simplest subscription as well as security, scalability and performance for even the most demanding enterprise.
If you are looking for a viable Cloudcraft alternative, we invite you to take a look at Hava.