from diagrams.aws.network import InternetGateway, RouteTable, VPCRouter
from diagrams.aws.security import KMS, IAMRole
from diagrams.generic.network import Firewall
from diagrams.onprem.network import Internet
graph_attr = {
"pad": "0",
"bgcolor": "transparent"
}
with Diagram("template-08", show=False, direction="LR", filename="diagram-08", graph_attr=graph_attr):
internet = Internet("Public Internet")
with Cluster("Vpc 10.0.0.0/16"):
internet_gateway = InternetGateway("Igw")
internet - internet_gateway
routeTable = RouteTable("RouteTable")
routeTable >> Edge(label="0.0.0.0/0", style="dashed") >> internet_gateway
with Cluster("Subnet 10.0.0.0/24"):
router = VPCRouter("Router\n10.0.0.1")
router - Edge(style="dashed") - routeTable
router - internet_gateway
ec2 = EC2("ec2\n10.0.0.x")
ec2 - Edge(style="dashed") - router
sg = Firewall("SG: 22/tcp")
ec2 - sg - router
KMS("KeyPair") - ec2
ec2Role = IAMRole("Ec2InstanceRole") - ec2
cw = Cloudwatch("CloudWatch")
cw - internet
"fontname": "Helvetica",
"style": "rounded",
"bgcolor": "transparent"
}
cluster = {
"fontsize": "16",
"fontname": "Helvetica",
"style": "rounded",
"bgcolor": "transparent"
}
with Diagram("Codebuild", graph_attr=graph_attr, direction="LR"):
with Cluster("Code change", graph_attr=major_cluster):
with Cluster("Trigger", graph_attr=cluster):
Trigger = Cloudwatch("Event Trigger")
IAMRole("Trigger Role") >> Trigger
Cloudwatch = Codecommit("Code Change") >> Edge(
color="firebrick") >> Cloudwatch("Event Rule") >> Trigger
with Cluster("Build", graph_attr=cluster):
Build = Codebuild("Codebuild")
IAMRole("Codebuild Role") >> Build
Build << Edge(color="black") >> ParameterStore("Build No")
Build << Edge(color="black") >> ParameterStore("Latest")
Build >> Edge(color="darkgreen") >> S3("Artefact Store")
Trigger >> Edge(color="firebrick") >> Build
show=False,
graph_attr=graph_attr):
transit_gateway = None
central_cloudtrail = None
central_iam = None
with Cluster('Security Account'):
central_cloudtrail = Cloudtrail('Aggregated CloudTrail')
central_iam = IAM('Centralized IAM')
with Cluster('Billing Account'):
CostExplorer('Centralized Cost Explorer')
Budgets('Centralized Budgets')
SavingsPlans('Centralized Savings Plans')
ReservedInstanceReporting('Centralized Reserved Instance Reporting')
IAMRole('Billing IAM Role') - central_iam
with Cluster('Shared Services Account'):
transit_gateway = TransitGateway('Centralized Transit Gateway')
with Cluster('Public'):
VPC('Public VPC') - transit_gateway
with Cluster('Private VPC'):
VPC('Private VPC') - transit_gateway
Cloudtrail('Shared Service CloudTrail') - central_cloudtrail
IAMRole('Shared Services IAM Role') - central_iam
with Cluster('New Prod Account'):
with Cluster('Prod VPC'):
VPC('Prod VPC') - transit_gateway
from diagrams import Diagram
from diagrams.aws.compute import Lambda
from diagrams.aws.security import IAMRole
with Diagram("AWS Lambda Function", show=False, direction="TB"):
Lambda("lambda function") << IAMRole("lambda role")
from diagrams import Diagram
from diagrams.aws.security import IAMRole, IAMPermissions
with Diagram("AWS IAM Role", show=False, direction="TB"):
IAMRole("iam role") << [
IAMPermissions("inline policies"),
IAMPermissions("attached policies")
]
from diagrams import Diagram
from diagrams.aws.security import IAMRole
with Diagram("opscenter_role"):
IAMRole("OpsCenterRole")