Forem: pasdam The latest articles on Forem by pasdam (@pasdam). https://forem.com/pasdam https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2967370%2Fe8e39dbd-cbe0-4ff3-a76d-2831238cb1c8.png Forem: pasdam https://forem.com/pasdam en Automatically generate diagrams from resources deployed in AWS pasdam Sun, 23 Mar 2025 04:21:44 +0000 https://forem.com/pasdam/automatically-generate-diagrams-from-resources-deployed-in-aws-kn6 https://forem.com/pasdam/automatically-generate-diagrams-from-resources-deployed-in-aws-kn6 <p>Navigating through all the services in the AWS console is cumbersome, and<br> generating diagrams manually and keep them updated is a tedious job.<br> <code>infra-inspector</code> automates these processes, so you can use it in CI/CD<br> environments to automatically or periodically generate these useful info.</p> <h2> Usage </h2> <h3> Generate the inventory </h3> <p>First thing you need to create a configuration to tell the CLI tool which resources to catalog.</p> <p>Create a file called <code>inventory-config.yml</code> with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">awsAccounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">regions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">regionName</span><span class="pi">:</span> <span class="s">us-east-1</span> <span class="na">services</span><span class="pi">:</span> <span class="na">rdsEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">elbEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mskEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">elasticacheEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">openSearchEnabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">transitGatewayEnabled</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>Now you can use the config above to generate the inventory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--rm</span> <span class="se">\</span> <span class="nt">-v</span> ~/.aws/credentials:/root/.aws/credentials:ro <span class="se">\</span> <span class="nt">-v</span> <span class="sb">`</span><span class="nb">pwd</span><span class="sb">`</span>/inventory-config.yml:/opt/infra-inspector/inventory-config.yml:ro <span class="se">\</span> <span class="nt">-v</span> <span class="sb">`</span><span class="nb">pwd</span><span class="sb">`</span>/output:/output <span class="se">\</span> ghcr.io/infra-inspector/infra-inspector:latest <span class="se">\</span> inventory <span class="nt">-c</span> /opt/infra-inspector/inventory-config.yml <span class="nt">-o</span> /output/inventory.yml </code></pre> </div> <p>This command will produce something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">accounts</span><span class="pi">:</span> <span class="s2">"</span><span class="s">000000000000"</span><span class="err">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s2">"</span><span class="s">000000000000"</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">regions</span><span class="pi">:</span> <span class="na">us-east-1</span><span class="pi">:</span> <span class="na">azs</span><span class="pi">:</span> <span class="na">us-east-1a</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">us-east-1b</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">us-east-1c</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">us-east-1d</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">us-east-1e</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">us-east-1f</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">internetGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">name</span><span class="pi">:</span> <span class="s">us-east-1</span> <span class="na">transitGateways</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">vpcs</span><span class="pi">:</span> <span class="na">vpc-0000000000000000</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">vpc-0000000000000000</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.0.0/16</span> <span class="na">dbClusters</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">elasticacheClusters</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">elbs</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">isDefault</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mskClusters</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">openSearchClusters</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">subnets</span><span class="pi">:</span> <span class="na">subnet-00000000000000000</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">subnet-00000000000000000</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.48.0/20</span> <span class="na">autoAssignPublicIp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">instances</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">az</span><span class="pi">:</span> <span class="s">us-east-1d</span> <span class="na">natGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">subnet-00000000000000001</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">subnet-00000000000000001</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.32.0/20</span> <span class="na">autoAssignPublicIp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">instances</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">az</span><span class="pi">:</span> <span class="s">us-east-1c</span> <span class="na">natGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">subnet-00000000000000002</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">subnet-00000000000000002</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.0.0/20</span> <span class="na">autoAssignPublicIp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">instances</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">az</span><span class="pi">:</span> <span class="s">us-east-1a</span> <span class="na">natGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">subnet-00000000000000003</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">subnet-00000000000000003</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.16.0/20</span> <span class="na">autoAssignPublicIp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">instances</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">az</span><span class="pi">:</span> <span class="s">us-east-1b</span> <span class="na">natGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">subnet-00000000000000004</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">subnet-00000000000000004</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.80.0/20</span> <span class="na">autoAssignPublicIp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">instances</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">az</span><span class="pi">:</span> <span class="s">us-east-1f</span> <span class="na">natGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">subnet-00000000000000005</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s">subnet-00000000000000005</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.31.64.0/20</span> <span class="na">autoAssignPublicIp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">instances</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">az</span><span class="pi">:</span> <span class="s">us-east-1e</span> <span class="na">natGateways</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">tgwAttachments</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <p>The content might be different based on the resources you have deployed in your account(s).</p> <h3> Generate the diagram </h3> <p>From the inventory we generated above we can then create the diagram with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--rm</span> <span class="se">\</span> <span class="nt">-v</span> <span class="sb">`</span><span class="nb">pwd</span><span class="sb">`</span>/output/inventory.yml:/opt/infra-inspector/inventory.yml:ro <span class="se">\</span> <span class="nt">-v</span> <span class="sb">`</span><span class="nb">pwd</span><span class="sb">`</span>/output:/output <span class="se">\</span> ghcr.io/infra-inspector/infra-inspector:latest <span class="se">\</span> diagram <span class="nt">-f</span> /opt/infra-inspector/inventory.yml <span class="nt">-o</span> /output/diagram.drawio </code></pre> </div> <p>The output can then be opened in <a href="https://www.drawio.com/" rel="noopener noreferrer">Draw.io</a>.</p> <p>With the inventory above you should get this diagram:</p> <h3> Use in CI pipelines </h3> <p>The above commands can be used in a CI/CD environment as well to automate the process, like for instance update the inventory and the diagram every time the infrastructure is updated, or at specified interval, like once a day.</p> <p>For instance to automatically generate the inventory and the diagram after an update to the infrastructure is deployed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Infrastructure deployment</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branch</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">infra-deployment</span><span class="pi">:</span> <span class="c1"># ...</span> <span class="c1"># Job to deploy the infrastructure updates, using Terraform, Pulumi or</span> <span class="c1"># similar</span> <span class="c1"># ...</span> <span class="na">infra-inspector</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Generate inventory</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">infra-deployment</span> <span class="na">container</span><span class="pi">:</span> <span class="s">ghcr.io/infra-inspector/infra-inspector:latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4.2.2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS Credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">aws-access-key-id</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">aws-secret-access-key</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">us-west-2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Generate inventory</span> <span class="na">run</span><span class="pi">:</span> <span class="s">infra-inspector inventory -c inventory-config.yml -o inventory.yml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Generate diagram</span> <span class="na">run</span><span class="pi">:</span> <span class="s">infra-inspector diagram -f inventory.yml -o diagram.drawio</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Archive code coverage results</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">diagram</span> <span class="na">path</span><span class="pi">:</span> <span class="s">diagram.drawio</span> </code></pre> </div> <p>Here the job <code>infra-inspector</code> will run only after <code>infra-deployment</code> has been successfully completed, and it will checkout the repository where the inventory config is (here we are assuming this is in the repo root, and it's called <code>inventory-config.yml</code>), configure the AWS credentials needed to pull the data, generate the inventory and then the diagram, which is then finally stored as artifact.</p> <h2> Conclusion </h2> <p>Automating the generation of infrastructure diagrams with tools like<br> <code>infra-inspector</code> offers significant advantages in terms of time savings,<br> accuracy, and maintaining up-to-date documentation. By integrating this process<br> into your CI/CD pipelines, you can ensure that your diagrams always reflect the<br> current state of your AWS environment. This tutorial provides a practical<br> introduction to using <code>infra-inspector</code>, but there's much more to explore,<br> including advanced configuration options, support for additional AWS services,<br> and further customization possibilities.</p> <p>To get more details about the steps described above, I encourage you to visit the <a href="https://pasdam.github.io/blog/posts/aws_diagrams/" rel="noopener noreferrer">original blog post</a>.</p> aws devops documentation cicd