SmartDraw lets you import your AWS information to automatically generate a diagram. Learn more about that here.
The resource types we import from AWS Cloud Control API are:
Name: "AWS", // container: root
Name: "DEFAULT", // default icon
Name: "REGION", // container: Region
Name: "VPC", // container: VPC
Name: "SUBNET", // container: Subnet (public)
Name: "EC2", // node: EC2 - Elastic Compute Cloud
Name: "ELB", // node: ELBc2 - Elastic Load Balancer
Name: "CLB", // node: ELB - Classic Load Balancer
Name: "Autoscale", // node: Autoscaling - EC2 Auto Scaling
Name: "RDS", // node: RDS - Relational Database Service
Name: "S3", // node: S3 - Simple Storage Service
Name: "EBS", // node: EBS - Elastic Block Store
Name: "ACL", // node: ACL - EC2 network access control list
Name: "USER", // node: User
Name: "USERS", // node: User group
Name: "KEY", // node: key
Name: "IGATEWAY", // node: internet gateway
Name: "NGATEWAY", // node: NAT gateway
Name: "VGATEWAY", // node: VPN gateway
Name: "ROUTETABLE", // node: Route table
Name: "STORAGE", // node: standard storage
Name: "NETIF", // node: network interface
Name: "LAMBDA", // node: lambda function
Name: "CLOUDFRONT", // node: Cloudfront function
Name: "DYNAMODB", // node: DynamoDB Table
Name: "TASK", // node: ECS Task definition
Name: "CLUSTER", // node: ECS Cluster
Name: "KINESIS", // node: Kinesis stream
Name: "LOGS", // node: log-group
Name: "SNS", // node: SNS Topic
Name: "SQS", // node: SQS Queue
Name: "APIKEY",
Name: "ECR",
Name: "EKS",
Name: "ELASTICACHE",
Name: "CLOUDWATCH",
Name: "RDSPARAMS",
Name: "RDSINSTANCE",
Name: "RDSPROXY",
Name: "REDSHIFT",
Name: "ROUTE53",
Name: "ACCESSPOINT",
Name: "WAF"
To import and visualize your AWS resources within SmartDraw, the following are required:
- User in IAM with appropriate permissions set
- Access key or Role for each user. If you need a primer on how to set up permissions, read this article.
- Secret token for user, if using Access Key.
We recommend using the built-in ReadOnlyAccess permission set for best results.
If you wish to use a more limited set, here are the minimum permissions needed for the IAM user for the integration to work. You may modify as needed.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeLaunchConfigurations",
        "cloudfront:ListDistributions",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkAcls",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpcs",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeTargetHealth",
        "iam:GetGroupPolicy",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:GetRolePolicy",
        "iam:GetUserPolicy",
        "iam:ListAttachedGroupPolicies",
        "iam:ListAttachedRolePolicies",
        "iam:ListAttachedUserPolicies",
        "iam:ListGroupPolicies",
        "iam:ListGroups",
        "iam:ListGroupsForUser",
        "iam:ListRolePolicies",
        "iam:ListRoles",
        "iam:ListUserPolicies",
        "iam:ListUsers",
        "rds:DescribeDBInstances",
        "s3:ListAllMyBuckets",
        "SNS:GetTopicAttributes",
        "SNS:ListTopics",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "ssm:GetParameters"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
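If you modify the minimum policy, a quick offline check shows whether the result still loads in IAM and how far it has drifted from the list above. The following is an added example, not SmartDraw's own code: `audit_policy`, `PAGE_MINIMUM` and `CANDIDATE` are hypothetical names, the candidate policy is constructed, and treating only `Describe`/`List`/`Get` verbs as read-only is a heuristic assumption.

```python
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only Version values IAM accepts
READ_VERBS = ("describe", "list", "get")       # heuristic: verb prefixes used by the minimum list

# The minimum action list from this page, grouped by service prefix.
PAGE_MINIMUM = {
    "autoscaling": "DescribeAutoScalingGroups DescribeLaunchConfigurations",
    "cloudfront": "ListDistributions",
    "ec2": "DescribeInstances DescribeNetworkAcls DescribeSecurityGroups "
           "DescribeSubnets DescribeVolumes DescribeVpcs",
    "elasticloadbalancing": "DescribeLoadBalancers DescribeTargetGroups DescribeTargetHealth",
    "iam": "GetGroupPolicy GetPolicy GetPolicyVersion GetRolePolicy GetUserPolicy "
           "ListAttachedGroupPolicies ListAttachedRolePolicies ListAttachedUserPolicies "
           "ListGroupPolicies ListGroups ListGroupsForUser ListRolePolicies ListRoles "
           "ListUserPolicies ListUsers",
    "rds": "DescribeDBInstances", "s3": "ListAllMyBuckets",
    "sns": "GetTopicAttributes ListTopics", "sqs": "GetQueueAttributes ListQueues",
    "ssm": "GetParameters",
}
BASELINE = {f"{svc}:{name}".lower() for svc, names in PAGE_MINIMUM.items() for name in names.split()}

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy, baseline=BASELINE):
    """Compare a policy's Allow actions with the baseline; return a dict of findings."""
    out = {"bad_version": None, "wildcards": [], "not_read_only": []}
    if policy.get("Version") not in VALID_VERSIONS:
        out["bad_version"] = policy.get("Version")
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            name = action.lower()  # IAM matches action names case-insensitively
            granted.add(name)
            if "*" in name:
                out["wildcards"].append(action)
            elif not name.split(":", 1)[-1].startswith(READ_VERBS):
                out["not_read_only"].append(action)
    out["beyond_baseline"] = sorted(granted - baseline)
    out["missing_from_baseline"] = sorted(baseline - granted)
    return out

# Constructed candidate policy with three deliberate problems:
# an unsupported Version, a wildcard action and a write action.
CANDIDATE = {"Version": "2019-10-19", "Statement": [{"Effect": "Allow", "Resource": "*",
             "Action": ["ec2:Describe*", "s3:PutObject", "SNS:ListTopics"]}]}

if __name__ == "__main__":
    for key, value in audit_policy(CANDIDATE).items():
        print(f"{key}: {value}")
```

A verb-prefix check only separates reads from writes; a read action such as `ssm:GetParameters` on `"Resource": "*"` still returns parameter values, so review what the listed reads expose in your account.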