22 min read

Google Cloud GCP Diagram Generator

July 21, 2020



There's no disputing the benefits of an accurate google cloud architecture diagram.

The ability to easily communicate your GCP environment design assists key stakeholders in your organisation at every level.

  • Engineering - Onboarding new engineers
  • Architects - Ensuring the implemented infrastructure matches the specified design
  • DevOps - Quickly establish what is running now before making improvements
  • Disaster Recovery - Compare what was running prior to any critical errors
  • Project Managers - Easily explain the state of play now vs planned changes
  • Management - Easily understand what's running and what that costs

Traditionally there have been several friction points when it comes to documenting cloud environments. The main two being the time it takes to produce the documentation and the resources and discipline it takes to keep the documentation up to date.

We understand the challenge.  Having evolved from a DevOps / Cloud Consultancy the team at Hava faced the same challenges as most cloud engineering teams. When starting a new project or taking on a new client's infrastructure, the task of establishing exactly what was running was a massive task that could take days or weeks. Great from a billable hours perspective, but not a task anyone got excited about which is why we built hava.io.

Hava automates the process by simply connecting your GCP credentials and letting the software discover what's running in your account and then rendering logically laid out infrastructure diagrams.

GCP Google Cloud Diagram Generator

The process is as simple as it sounds.

To connect to your Google Cloud Platform (GCP) to Hava you will need to create a "Read Only Service Account" for your project and download the JSON key file to import into hava.io.

Simply log in to your Google Cloud Console then in the IAM & Admin menu, then select "Service accounts" :

GCP Service Accounts

Then select "+Create Service Account" :

GCP Create Service Account

Give the account a memorable service account name and an optional description :

Create GCP Service Account for Hava

Select Create, then in the Select a Role dialogue options, Select Project and Viewer

GCP Create Service Account Project

On the next page select +Create Key

gcp create key

Select the Key Type : JSON and Create

GCP Create Key JSON

This will download the private key to your computer.


From the Hava Environments dashboard - select Add Environments


In the Import an Environment dialogue, select the Google Cloud Tab and Select "Choose File" and select the file containing the Private Key JSON file you just downloaded.


Hava will then connect to your GCP Project, import the resources and create the default interactive diagrams.


Hava imports and visualises the key resources in your GCP Cloud Infrastructure projects.

The resulting diagrams logically lay out the detected resources.


The diagram is kept clean and readable with the associated configuration data displayed in a contextual panel to the right of the diagram.

The interactive nature of Hava diagrams means you can select individual resources on the diagram to view all the attributes for that resource - like this URL Map


Conversely there are also selectable values in the attribute pane that show associated relationships on the diagram. With the Network in focus, the attributes displayed include data like the subnets, firewalls and routes. 

For example, hovering your mouse pointer over a particular firewall will highlight the associated instances belonging to that firewall.


There are several diagram types automatically generated by Hava including extended infrastructure, container, and a detailed list view that shows all the resources discovered irrespective of whether they are visualised on the diagrams. 

Below is a list of the resources visualised. The resources that are not visualised can be found in the contextual attributes tab and are also visible when viewing the Hava List View

Resources Visualised


Compute Backend Service

External VPN Gateway

Compute Instance

Compute Interconnect

Compute Nat Gateway

Compute Network

Compute Router

Compute Subnetwork

Compute URL Map

VPN Gateway

DNS Managed Zone

Memory Store Instance

SQL Instance

Storage Bucket


Non Visualised Resources

Compute Address
Compute Autoscaler
Compute Backend Bucket
Forwarding Rule
Forwarding Rule Targets
Instance Group
Interconnect Attachment
Network Endpoint Group
Node Group
SSL Certificate
SSL Policy
VPN Tunnel


The possibilities when using hava.io are also not limited to auto generated documentation.  Using the query function, you are able to nominate the resources you wish to visualise. This could be a specific subnet or even a tags. You are in control, so you can build the diagrams you need easily. 


You can select a specific project: or vpc: for instance, or say everything with a tag containing "dev" or 'production".  Operators can be stacked to enable quite complex query expressions that yield super specific diagrams when required.

Should you have multiple cloud vendor accounts connected to Hava, you can also build hybrid cloud diagrams containing AWS, Azure and GCP resources using the application or Hava's cloud diagram API for AWS, Azure and GCP

Keeping your GCP diagrams up to date.

As we mentioned at the start, documenting and diagramming your infrastructure is only the start. Keeping your documentation up to date is a perpetual challenge.

Hava steps up to this challenge by continuously checking your config files and updating your diagrams when changes are detected. Of course just overwriting the diagrams could be problematic if you are trying to track down changes that may have caused errors with your applications. 

If your current documentation is all you have, there's no baseline comparison, which is why every automatic diagram update saves the previous diagram set to a version history that is always available and fully interactive just as if it was the 'live' diagram set. This means you can go back in time and compare infrastructure to see what has changed.

This is not only incredibly valuable to help identify issues, but it is also enables you to answer tricky pci or insurance audit questions should your network integrity ever be called into question.


Hava continuously scans your GCP architecture and when changes are detected a new diagram set is automatically generated. The superseded diagrams are not discarded or overwritten. Instead they are moved into version history. Still fully interactive.

What this means is you can view your cloud architecture at any point in time and also leverage Hava's revision comparison (Diff Diagrams) to quickly identify what has been added or removed between the two diagram dates.


So you can easily identify all the changes made since your last compliance audit, or see what changed yesterday that is causing unexpected network or application errors.


While diff diagrams are super helpful in diagnosing changes after the fact, you may want to keep on top of changes as they happen.

Hava's architecture monitoring alerts will let you know the minute a change is detected. You simply nominate the environment you wish to monitor and add a group of recipients to receive the alerts. When a change is detected like the addition or removal of a resource, Hava will send each recipient a diff diagram showing the changes.


Now you and your security team can be across every change as it happens so you can assess and take action if required.

So to recap:

  • Producing accurate GCP network topology diagrams is extremely worthwhile.
  • Automating the process will save you days or weeks of expensive labour costs.
  • Automating the process of keeping documentation up to date will ensure you always have accurate diagrams and documentation on hand.



If you would like to try hava.io out for yourself, we are currently offering a 14 day free trial. There is no credit card required to take the trial and our support team are available to assist you at any stage of the trial. Learn more about Hava here:

Hava is available in SaaS form which meets most requirements, however we can also arrange a self-hosted solution should that better suit your company or data security policies.





Team Hava

Written by Team Hava

The Hava content team