If you are new to documenting your AWS architecture and are either drawing your diagrams by hand (which you shouldn’t) or using automated AWS diagram software like Cloudockit, this article will help you sort things out.
The article will walk you through each part of a global AWS architecture diagram. The diagram example in this article has 10 main sections. Depending on the size of your AWS infrastructure, you could have fewer or more sections.
The following diagram was created with Cloudockit and edited in diagrams.net.
Amazon CloudFront is a web service that speeds up the distribution of your web content.
CloudFront connects to Amazon SNS to send notifications to end users, such as SMS, email, and mobile push notifications. Amazon CloudFront can also connect to an Amazon S3 bucket to store data, including files and images.
Amazon Simple Notification Service, also known as Amazon SNS, is a managed messaging service for A2A and A2P communication.
In this example, we use Amazon CloudFront, which is a content delivery network (CDN) providing a globally distributed network of proxy servers that cache content. The main goal of CloudFront is to improve access speed for downloading the content.
You will see the connection between Amazon SNS and AWS Lambda, which runs code depending on the type of notification sent.
AWS Lambda is a very popular AWS service. With Lambda, you can run code for almost any type of application or backend service without provisioning or managing servers. A large advantage is that Lambda can be triggered by more than 200 services and SaaS applications.
For that reason, your AWS Lambda Functions can be connected to a multitude of workloads and large architectures can have thousands of functions.
If you have a large number of Lambda Functions, we recommend using Cloudockit’s Tailored Diagrams tool and generating a diagram uniquely for those functions.
AWS Lambda connects with Amazon DynamoDB to perform actions each time a specific DynamoDB table is updated.
As you can see in the diagram, AWS Lambda is also connected to Amazon S3, as it performs actions each time S3 data is updated.
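To make the two Lambda links above concrete, here is an added example (not code from the article or from Cloudockit) of a single handler that accepts the record shapes S3 event notifications and DynamoDB Streams deliver to Lambda. Both events are constructed samples with made-up bucket, key and item names; the handler dispatches on `eventSource`, decodes the URL-encoded S3 object key, and lists which DynamoDB attributes changed.

```python
import json
from urllib.parse import unquote_plus

# Constructed sample event: the shape of an S3 "ObjectCreated" notification
# as Lambda receives it. Bucket and key names are made up for this example.
S3_EVENT = {
    "Records": [
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "example-uploads-bucket"},
                "object": {"key": "reports/2024/q1+summary.csv", "size": 2048},
            },
        }
    ]
}

# Constructed sample event: a DynamoDB Streams record describing a MODIFY on
# one item. Attribute values use DynamoDB's typed JSON form ({"S": ...}).
DYNAMODB_EVENT = {
    "Records": [
        {
            "eventSource": "aws:dynamodb",
            "eventName": "MODIFY",
            "dynamodb": {
                "Keys": {"pk": {"S": "user#42"}},
                "OldImage": {"pk": {"S": "user#42"}, "status": {"S": "pending"}},
                "NewImage": {"pk": {"S": "user#42"}, "status": {"S": "active"}},
            },
        }
    ]
}


def from_ddb(attr):
    """Convert one DynamoDB typed attribute ({"S": "x"}, {"N": "1"}, ...) to a Python value."""
    kind, value = next(iter(attr.items()))
    if kind == "S":
        return value
    if kind == "N":
        return int(value) if value.lstrip("-").isdigit() else float(value)
    if kind == "BOOL":
        return value
    if kind == "NULL":
        return None
    if kind == "M":
        return {k: from_ddb(v) for k, v in value.items()}
    if kind == "L":
        return [from_ddb(v) for v in value]
    raise ValueError(f"unsupported DynamoDB type {kind}")


def handle_s3_record(record):
    """Summarise an S3 notification record. Object keys arrive URL-encoded
    (spaces as '+'), so decode them before using them as paths or lookups."""
    key = unquote_plus(record["s3"]["object"]["key"])
    return {
        "source": "s3",
        "event": record["eventName"],
        "bucket": record["s3"]["bucket"]["name"],
        "key": key,
        "size": record["s3"]["object"].get("size", 0),
    }


def handle_dynamodb_record(record):
    """Summarise a DynamoDB Streams record, listing which attributes changed."""
    data = record["dynamodb"]
    old = {k: from_ddb(v) for k, v in data.get("OldImage", {}).items()}
    new = {k: from_ddb(v) for k, v in data.get("NewImage", {}).items()}
    changed = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
    return {
        "source": "dynamodb",
        "event": record["eventName"],
        "keys": {k: from_ddb(v) for k, v in data["Keys"].items()},
        "changed": changed,
    }


HANDLERS = {"aws:s3": handle_s3_record, "aws:dynamodb": handle_dynamodb_record}


def lambda_handler(event, context=None):
    """Entry point Lambda would invoke. Dispatches each record on its eventSource
    and skips sources this function was not written for."""
    processed = [HANDLERS[r["eventSource"]](r) for r in event.get("Records", [])
                 if r.get("eventSource") in HANDLERS]
    return {"processed": processed}


if __name__ == "__main__":
    print(json.dumps(lambda_handler(S3_EVENT), indent=2))
    print(json.dumps(lambda_handler(DYNAMODB_EVENT), indent=2))
```

Decoding the key matters for the S3 link: a key with spaces or special characters is delivered encoded, and code that uses it raw will look up an object that does not exist.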
In our diagram, the 4th row is composed of two elements: Amazon Elastic Container Service (Amazon ECS) and an AWS Elastic Beanstalk application, or any Docker-enabled application.
Amazon ECS is a fully managed container service that enables you to deploy, manage, and scale containerized applications. With this serverless service, you can launch hundreds, even thousands, of containers across the cloud.
Amazon DynamoDB is a fully managed NoSQL database service that automatically scales up and down to fit your needs. It was created for consistent single-digit millisecond performance, unlimited throughput, unlimited storage, and automatic multi-region replication.
Amazon S3 Glacier is used for data archiving and long-term backup. Amazon S3 Glacier, part of Amazon Simple Storage Service (Amazon S3), is very cost-effective and delivers 99.999% durability with extensive security and compliance capabilities.
According to Amazon, Amazon S3 is one of the most used services, as it offers a wide range of retrieval options.
An Amazon S3 bucket, also part of Amazon S3, is a public cloud storage resource similar to a file folder, holding objects that consist of data and their metadata.
In the diagram example, there are many S3 buckets. Most companies use numerous buckets with different access privileges. It is a great way to keep your files secured and visible only to the appropriate team members.
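The "different access privileges" point is where S3 diagrams most often hide a problem: a bucket policy that grants access to any principal. As an added example (not from the article or from Cloudockit), the following Python compares a constructed weak bucket policy with a hardened one that scopes reads to a single IAM role and refuses plaintext HTTP, and includes a small check that flags `Allow` statements open to everyone. The bucket name and the 12-digit account id are placeholders.

```python
import json

# Constructed sample: a bucket policy that grants read access to anyone.
# Bucket name is a placeholder for this example.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
        }
    ],
}

# Constructed sample: the same bucket, scoped to one IAM role and denying any
# request that does not use TLS. The account id 123456789012 is a placeholder.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TeamRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReportsReader"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::example-reports-bucket",
                "arn:aws:s3:::example-reports-bucket/*",
            ],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}

# Account-level S3 Block Public Access settings; all four should be enabled
# so that a policy like WEAK_POLICY is rejected even if someone writes it.
RECOMMENDED_PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def is_wildcard_principal(principal):
    """True for "*" or {"AWS": "*"} (including lists that contain "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def find_public_statements(policy):
    """Return the Sids of Allow statements open to any principal with no Condition.
    A Deny with Principal "*" is not flagged: it restricts access, it does not grant it."""
    public = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if is_wildcard_principal(st.get("Principal")) and not st.get("Condition"):
            public.append(st.get("Sid", f"statement-{i}"))
    return public


def public_access_block_complete(config):
    """True only when every Block Public Access flag is enabled."""
    return all(config.get(flag) is True for flag in RECOMMENDED_PUBLIC_ACCESS_BLOCK)


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "public statements:", find_public_statements(policy))
    print(json.dumps(RECOMMENDED_PUBLIC_ACCESS_BLOCK, indent=2))
```

Run the check over each bucket's policy document as you walk the buckets in the diagram; any Sid it returns is a bucket whose contents are not "seen only by the appropriate team members".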
Amazon Elastic File System (Amazon EFS) is an elastic shared file system. Elastic means it automatically grows and shrinks with the amount of data you store, which reduces the management hours your team would otherwise spend.
You can create your Amazon EFS file system with the EC2 Launch Instance Wizard, the EFS console, the CLI, or the API.
Amazon Virtual Private Cloud (VPC) provisions a logically isolated section of AWS for you: essentially a private cloud inside a commercial cloud, giving you complete control over your environment, including resource placement, connectivity, and security.
After creating your VPC, you can add resources including Amazon Elastic Compute Cloud (EC2) and Amazon Relational Database Service (RDS) instances. You can then define how your Amazon VPCs communicate across accounts, Availability Zones (AZ), or Regions.
Amazon VPC is linked to the Amazon EC2 instance because it provides the instance's network connection.
Following the creation of a VPC, you can add a subnet in each of your Availability Zones. A subnet is simply a range of IP addresses in your VPC; however, a subnet cannot span AZs. Subnets host AWS resources, such as EC2 instances.
In our example, the subnet has several elastic network interfaces (ENI). An ENI can carry a primary private IPv4 address, secondary private IPv4 addresses, one public IPv4 address, one IPv6 address, a MAC address, and more.
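Since a subnet is a range inside the VPC's range and cannot span AZs, the usual layout is one block per AZ carved from the VPC CIDR. The following is an added example (not from the article or from Cloudockit) using Python's standard `ipaddress` module to plan one subnet per AZ and to validate an existing layout for blocks that fall outside the VPC or overlap each other. The VPC range and AZ names are constructed inputs; the reserved-address count reflects the five addresses AWS withholds in every subnet.

```python
import ipaddress
from itertools import islice

# Constructed inputs for the example: one VPC range and three AZ names.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, azs, new_prefix):
    """Carve one subnet of the given prefix length per AZ, in order, out of the VPC range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if new_prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    # islice avoids materialising every possible subnet of a large VPC range.
    blocks = islice(vpc.subnets(new_prefix=new_prefix), len(azs))
    plan = {az: str(block) for az, block in zip(azs, blocks)}
    if len(plan) < len(azs):
        raise ValueError("VPC range too small for one subnet per AZ")
    return plan


def usable_hosts(cidr):
    """Addresses you can actually assign in a subnet, after AWS's reserved ones."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def validate_subnets(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC range or overlapping each other.
    `subnets` maps an AZ (or any label) to a CIDR string."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {az: ipaddress.ip_network(c) for az, c in subnets.items()}
    problems = []
    for az, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{az}: {net} is not inside {vpc}")
    items = list(nets.items())
    for i, (az_a, a) in enumerate(items):
        for az_b, b in items[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{az_a} {a} overlaps {az_b} {b}")
    return problems


if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR, AZS, 20)
    for az, cidr in plan.items():
        print(f"{az}: {cidr} ({usable_hosts(cidr)} usable addresses)")
    print("problems:", validate_subnets(VPC_CIDR, plan))
```

Running `validate_subnets` against the subnets shown on a diagram is a quick way to confirm that what the drawing implies about address space is what the VPC actually contains.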
Amazon EC2 provides a range of instance types. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. Each instance type includes a range of sizes to fit your needs.
In our example, we have a range of AWS EC2 instances: T2 micro, small, medium, and large.
Amazon EBS volumes provide storage to Amazon EC2.
An Amazon EBS volume is a block-level storage device attached to your instances; it basically acts as a hard drive. Many companies use EBS volumes as primary storage for data requiring frequent updates.
We hope this article helps you understand your AWS diagrams a little better. As mentioned above, it is much better to avoid creating your diagrams by hand: your architecture is continually evolving, which makes hand-drawn diagrams steadily obsolete. Instead of wasting time, take advantage of AWS diagram software like Cloudockit.
Cloudockit automatically generates your diagrams by discovering the elements in your infrastructure. It supports more than 50 AWS workloads, 300 types of resources, and over 2000 links between them.