Usually, we need to create reference architectures and documents, and maintain long papers about the configuration and current state of the architecture workloads for cloud and on-premises environments. As part of a continuous collaboration practice, you can create or find a document that somebody wrote, for example in Atlassian, Google Docs, SharePoint or Notion, but the hand-written architectural diagrams, API references, and other information written there are likely to be out of date when you find them. This is a serious issue and it limits discoverability.
Discoverability is defined by how rapidly you can find information about a service, library, tool, team, or repository.
There are some practices that avoid this issue and provide unified, reliable information at scale through automation. First, adopt Documentation as Code from IaC abstractions, with tools such as terraform graph, diagrams, terraform-docs, blast-radius, cdk-dia, rover, etc. Second, load diagrams from the current state using tools such as Lucidscale, cloudiscovery, reverse-diagrams, etc.
Figure 1. Continuous Documentation
Providing automated Discoverability has become a significant enabler for improved collaboration at organizations investing in developing an Inner Source culture.
In this blog you can find an example of the second approach: using a tool to take snapshots of your current setup in an AWS environment.
AWS Organizations: an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Figure 2 depicts an overview of the elements for this demonstration: boto3 is used to get information about the actual state and configuration of the services, and the diagrams library converts this information into a Python file and a PNG file.
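The flow described above, as an added example (not reverse_diagrams' own code): walk the Organizations tree through the boto3 client's list calls and emit `diagrams` source for it. `FakeOrganizations` and its IDs are constructed sample data so the block runs offline; `render_org` and `_pages` are hypothetical names.

```python
class FakeOrganizations:
    """Constructed offline stand-in for boto3's "organizations" client."""
    OUS = {"r-ex01": [{"Id": "ou-ex01-sec", "Name": "Security"},
                      {"Id": "ou-ex01-wrk", "Name": "Workloads"}],
           "ou-ex01-wrk": [{"Id": "ou-ex01-prd", "Name": "Prod"}]}
    ACCOUNTS = {"r-ex01": [{"Id": "111111111111", "Name": "management"}],
                "ou-ex01-sec": [{"Id": "222222222222", "Name": "ops' sandbox"}],
                "ou-ex01-prd": [{"Id": "333333333333", "Name": "shop-prod"}]}
    def list_roots(self):
        return {"Roots": [{"Id": "r-ex01", "Name": "Root"}]}
    def list_organizational_units_for_parent(self, ParentId, **kw):
        return {"OrganizationalUnits": self.OUS.get(ParentId, [])}
    def list_accounts_for_parent(self, ParentId, **kw):
        return {"Accounts": self.ACCOUNTS.get(ParentId, [])}

def _pages(call, key, **params):
    """Follow NextToken so a large organization is not silently truncated."""
    while True:
        resp = call(**params)
        yield from resp[key]
        if not resp.get("NextToken"):
            return
        params["NextToken"] = resp["NextToken"]

def render_org(client, title="Organization"):
    """Return Python source that draws the OU/account tree with `diagrams`."""
    # Real use: client = boto3.Session(profile_name="my-profile").client("organizations")
    out = ["from diagrams import Cluster, Diagram",
           "from diagrams.aws.management import Organizations, OrganizationsAccount",
           "",
           f"with Diagram({title!r}, show=False, direction='TB'):"]
    def walk(parent_id, depth):
        pad = "    " * depth
        for acct in _pages(client.list_accounts_for_parent, "Accounts", ParentId=parent_id):
            label = f"{acct['Name']}\n{acct['Id']}"
            # repr() keeps a name containing quotes from breaking out of the literal
            out.append(f"{pad}OrganizationsAccount({label!r})")
        for ou in _pages(client.list_organizational_units_for_parent,
                         "OrganizationalUnits", ParentId=parent_id):
            out.append(f"{pad}with Cluster({ou['Name']!r}):")
            before = len(out)
            walk(ou["Id"], depth + 1)
            if len(out) == before:  # empty OU: keep the generated block valid
                out.append(f"{pad}    pass")
    for root in client.list_roots()["Roots"]:
        out.append(f"    Organizations({root['Name']!r})")
        walk(root["Id"], 1)
    return "\n".join(out) + "\n"
```

Writing the returned text to a file and running it with python3 requires the diagrams package and Graphviz.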
Cloudiscovery helps you analyze resources in your AWS account, but it does not support Organizations or Identity Center yet.
Step by Step
You must have an AWS CLI profile with read-only access to your organization's management account.
$ reverse_diagrams -h
usage: reverse_diagrams [-h] [-p PROFILE] [-od OUTPUT_DIR_PATH] [-r REGION] [-o] [-i] [-a] [-v] [-d] {watch}
Create architecture diagram, inspect and audit your AWS services from your current state.
options:
-h, --help show this help message and exit
-p PROFILE, --profile PROFILE
AWS cli profile for AWS Apis
-od OUTPUT_DIR_PATH, --output_dir_path OUTPUT_DIR_PATH
Name of folder to save the diagrams python code files
-r REGION, --region REGION
AWS region
-o, --graph_organization
Set if
$ reverse_diagrams -h
usage: reverse_diagrams [-h] [-c CLOUD] [-p PROFILE] [-o] [-i] [-v]
options:
-h, --help show this help message and exit
-c CLOUD, --cloud CLOUD
Cloud Provider, aws, gcp, azure
-p PROFILE, --profile PROFILE
AWS cli profile for Access Analyzer Api
-o, --graph_organization
Set if you want to create graph for your organization
-i, --graph_identity Set if you want to create graph for your IAM Center
-v, --version Show version
Now run for your organization setup:
$ reverse_diagrams -c aws -p my-profile -o
Date: 2022-12-17 22:33:21.791819
🔄 Getting Organization Info
🔄 The Organizational Units list
🔄 Getting the Account list info
Run -> python3 graph_org.py
Now, you can find the diagrams code in .py files. For example for graph_org.py