AWS Diagrams: Cloudockit’s Guide to Understanding Cloud Architecture


Pascal Bonheur

October 29, 2019 – Reviewed June 28, 2022

Why Monitor Your AWS Cloud Architecture

It comes as no surprise that cloud services are now a must in every industry, from small private corporations to large conglomerates and even governments around the world. Cloud services are dominated by a small handful of colossal tech companies, like Amazon. In 2018, Amazon Web Services (AWS) accounted for nearly 43% of Amazon’s overall sales (Statistica). However, just a few years ago, we mostly knew Amazon only as an e-commerce giant.

As companies add more and more data to AWS, monitoring cloud architecture should be the primary goal of any IT department. Proper documentation is all the more crucial if many employees have access to the company’s cloud environment. You must always remain in control.

Documentation can also come in handy when you need to share certain information with other employees or executives. This critical knowledge cannot be exclusively held by only a few key people.

Lastly, companies with ISO certifications need to maintain legitimate documentation. Let’s face it; no one really likes to create documents by hand!

Understanding your AWS cloud architecture is effortless with Cloudockit’s AWS architecture diagram tool.

What is Cloud Documentation?

Cloud infrastructure documentation is the process of compiling and outlining the components and applications that support the requirements of your cloud computing model. Maintaining up-to-date and accurate cloud documentation is a prerequisite for making informed decisions about cloud strategy, spending, security, and compliance, along with tracking changes in your cloud infrastructure. The problem is that this process, if done manually, is very time-consuming, tedious, and error-prone.

All this critical data can be presented in the form of technical documentation (reports) and/or architecture diagrams.

AWS Cloud Architecture Components

There are two main types of components in any AWS cloud architecture:

Platform as a Service (PaaS)

Platform as a Service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications. It enables you to manage applications without the complexity of building and maintaining the infrastructure required to develop and launch an app.

In AWS, typical PaaS components are called Lambda Functions. AWS Lambda is a serverless computing service that runs your code in response to events and automatically manages the underlying computing resources. Lambda Functions call each other or leverage other components like DynamoDB or Polly, so it is easy to lose track of all these functions. Therefore, it is important to properly monitor Lambda Functions with technical documentation and architecture diagrams.

Below is an example of diagrams you should constantly monitor. This will help you understand the big picture in your AWS architecture.

Infrastructure as a Service (IaaS)

According to AWS, Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. Infrastructure as a Service provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.

The most typical AWS IaaS components are EC2 instances and VPCs. It is important to keep track of those components in diagrams that list all your virtual machines. Such diagrams also allow you to easily associate the EC2 instances with the VPC and the subnet they are in.
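As an added illustration (not Cloudockit's code and not part of the original article), the sketch below groups EC2 instances by VPC and subnet from output shaped like `aws ec2 describe-instances`, then compares the result with a previously documented placement to surface drift. The sample JSON, the instance IDs and the `DOCUMENTED` record format are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `aws ec2 describe-instances` output (IDs are made up).
LIVE_JSON = """
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0a1", "VpcId": "vpc-01", "SubnetId": "subnet-0a", "State": {"Name": "running"}},
    {"InstanceId": "i-0a2", "VpcId": "vpc-01", "SubnetId": "subnet-0b", "State": {"Name": "running"}}]},
  {"Instances": [
    {"InstanceId": "i-0b1", "VpcId": "vpc-02", "SubnetId": "subnet-0c", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0b2", "State": {"Name": "terminated"}}]}
]}
"""

# Hypothetical record of what the last diagram showed: instance -> (VPC, subnet).
DOCUMENTED = {
    "i-0a1": ("vpc-01", "subnet-0a"),
    "i-0a2": ("vpc-01", "subnet-0a"),   # has since moved to subnet-0b
    "i-0c9": ("vpc-02", "subnet-0c"),   # no longer exists
}

def placements(response):
    """Map each instance ID to (VpcId, SubnetId); skip entries that carry neither."""
    found = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            vpc, subnet = inst.get("VpcId"), inst.get("SubnetId")
            if vpc and subnet:  # e.g. the constructed terminated entry has no placement
                found[inst["InstanceId"]] = (vpc, subnet)
    return found

def topology(placed):
    """Group instances as VPC -> subnet -> sorted instance IDs."""
    tree = defaultdict(lambda: defaultdict(list))
    for instance_id, (vpc, subnet) in sorted(placed.items()):
        tree[vpc][subnet].append(instance_id)
    return {vpc: dict(subnets) for vpc, subnets in tree.items()}

def drift(documented, live):
    """Report where the documented placement no longer matches the live one."""
    both = set(live) & set(documented)
    return {
        "undocumented": sorted(set(live) - set(documented)),
        "stale": sorted(set(documented) - set(live)),
        "moved": sorted(i for i in both if live[i] != documented[i]),
    }

if __name__ == "__main__":
    live = placements(json.loads(LIVE_JSON))
    print(json.dumps(topology(live), indent=2))
    print(json.dumps(drift(DOCUMENTED, live), indent=2))
```
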

For example, here is the type of diagram every Infrastructure Architect should always have:


Cloudockit’s AWS Diagram Tool

How can Cloudockit help you with your AWS diagram documentation?

Simply put, Cloudockit’s AWS Architecture Diagram tool automatically creates your diagrams. You will no longer need to worry about diagrams being outdated or containing mistakes. It is important to understand that inaccurate diagrams present a serious risk as architects rely on them to make key decisions. For example, if the diagram does not properly show the connection between the EC2 instance and a load balancer, the architect could potentially delete the load balancer and all the data associated with it.

Cloudockit goes beyond simply generating your AWS diagrams automatically. We also offer many important features to help you monitor your AWS cloud architecture diagrams.

Data Embedded in the Diagram

Click on any shape in your diagram (Visio, diagrams.net, or Lucidchart) to get a multitude of information.

As an example, take a look at the “Auto Scaling Group”, with all the information Cloudockit provides.

By clicking on the icon, you can see the number of instances, the Min Size, the Max Size, whether it is EBS optimized, and more. All these values are useful when you need to make architectural decisions.

Compliance Rules

Increasingly stringent and ever-changing regulations are an uphill battle for IT departments. Moreover, audits – either from regulatory bodies or vendors such as Microsoft – can put an organization at risk for steep non-compliance fines and weigh heavily on staff. If your cloud documentation is up-to-date, accurate, and complete, locating information to satisfy auditors is a breeze, and staff can fully and effectively focus on what provides the most added value.

AWS cloud architecture diagrams created using Cloudockit are set to flag misconfigurations and issues that could compromise security (see red warning icons in the diagram below). Furthermore, in Cloudockit’s compliance module, cloud architects can quickly and easily add compliance rules and security checks to the ones that are already built-in.


How to Read Your AWS Cloud Architecture Diagram

Our customers often ask us what the best layout is for the diagrams they generate. We performed many tests with hundreds of customers and found that there is no “one-size-fits-all” approach. The best approach is to generate many diagrams grouped differently. This will allow you to evaluate which are the best fit for you and your company. Our default diagrams are grouped by workloads, resource groups, location, applications, and/or global.

Tailored Diagrams

Cloudockit’s Tailored Diagrams feature lets you customize your architecture diagrams to include information that is most relevant to you and your team. Easily customize the layout of your components based on the different types of links Cloudockit can detect for your AWS, Azure, or Google Cloud environments.

Knowing your architecture is a crucial step in maintaining a healthy cloud. The more people use the Cloud and upload data, the harder it gets to monitor everything effectively. Cloudockit is a great tool to maintain a healthy and secure cloud architecture.