def workflow_final():
with Diagram("",
outformat='png',
filename='images/diagrams/workflow_final',
show=False,
graph_attr=DIAGRAM_ATTR,
node_attr={
'margin': "5",
}
# direction="TB",
):
Users(f'"{random.randrange(0,1000)} Hackers"', **COMMON_NODE_ATTR) \
>> get_diagram_edge() \
>> [
EC2("server", **COMMON_NODE_ATTR),
EC2("server", **COMMON_NODE_ATTR),
EC2("server", **COMMON_NODE_ATTR),
] \
>> get_diagram_edge() \
>> Splunk("", **COMMON_NODE_ATTR) \
>> get_diagram_edge() \
>> SimpleStorageServiceS3("Public S3 Bucket", **COMMON_NODE_ATTR) \
>> get_diagram_edge() \
<< EC2("server", **COMMON_NODE_ATTR) \
>> get_diagram_edge() \
>> Firewall("IPTables", fillcolor='red', **COMMON_NODE_ATTR)
#!/usr/bin/env nix-shell
#!nix-shell -i python -p python39Packages.diagrams
from diagrams import Cluster, Diagram
from diagrams.generic.device import Tablet
from diagrams.generic.network import Firewall
from diagrams.k8s.infra import Node
from diagrams.k8s.controlplane import KProxy
with Diagram("My K8s infrastructure"):
end_user = Tablet("end user")
firewall = Firewall("cloud firewall")
with Cluster("Kubernetes cluster"):
with Cluster("main node"):
proxy1 = KProxy()
node1 = Node("aarch64")
proxy1 >> node1
node2 = Node("x86_64")
proxy1 >> node2
end_user >> firewall >> proxy1
from diagrams.aws.network import InternetGateway, RouteTable, VPCRouter
from diagrams.aws.security import KMS, IAMRole
from diagrams.generic.network import Firewall
from diagrams.onprem.network import Internet
graph_attr = {
"pad": "0",
"bgcolor": "transparent"
}
with Diagram("template-08", show=False, direction="LR", filename="diagram-08", graph_attr=graph_attr):
internet = Internet("Public Internet")
with Cluster("Vpc 10.0.0.0/16"):
internet_gateway = InternetGateway("Igw")
internet - internet_gateway
routeTable = RouteTable("RouteTable")
routeTable >> Edge(label="0.0.0.0/0", style="dashed") >> internet_gateway
with Cluster("Subnet 10.0.0.0/24"):
router = VPCRouter("Router\n10.0.0.1")
router - Edge(style="dashed") - routeTable
router - internet_gateway
ec2 = EC2("ec2\n10.0.0.x")
ec2 - Edge(style="dashed") - router
sg = Firewall("SG: 22/tcp")
ec2 - sg - router
KMS("KeyPair") - ec2
ec2Role = IAMRole("Ec2InstanceRole") - ec2
cw = Cloudwatch("CloudWatch")
cw - internet
<FONT color="gray">●</FONT> automated <BR ALIGN="LEFT" />
<FONT color="green">●</FONT> proxy <BR ALIGN="LEFT" />
>"""
with Diagram("Homelab", show=False, outformat="png"):
Node(
label=legend_text,
width="4",
shape="plaintext",
)
workstation = Ansible("homelab.git")
with Cluster("Service Node"):
ingress = Traefik("ingress")
middleware = [Firewall("OAuth middlware")]
ingress >> Edge(style="dashed") >> middleware
(
ingress
>> Edge(color="green")
>> [
Server("adguard"),
Server("espial"),
Server("miniflux"),
PostgreSQL("miniflux_db"),
Server("firefly"),
PostgreSQL("firefly_db"),
Server("healthchecks"),
Server("n8n"),
PostgreSQL("n8n_db"),
internet_gateway = InternetGateway("Igw")
internet_gateway - internet
with Cluster("Vpc 10.0.0.0/16"):
publicRouteTable = RouteTable("PublicRouteTable")
publicRouteTable >> Edge(label="0.0.0.0/0",
style="dashed") >> internet_gateway
privateRouteTable = RouteTable("PrivateRouteTable")
with Cluster("AZ1 (eu-central-1a)"):
with Cluster("PublicSubnet 10.0.0.0/24"):
publicSubnetRouter = VPCRouter("Router\n10.0.0.1")
publicSubnetRouter - internet_gateway
publicSubnetRouter - Edge(style="dashed") - publicRouteTable
ec2 = EC2("ec2\n10.0.0.x")
webSg = Firewall("SG: 8080/tcp")
ec2 - Edge(style="dashed") - publicSubnetRouter
ec2 - webSg - publicSubnetRouter
with Cluster("PrivateSubnetA 10.0.8.0/24"):
privateSubnetARouter = VPCRouter("Router\n10.0.8.1")
privateSubnetARouter - Edge(style="dashed") - privateRouteTable
dbPrimary = RDS("Database (Primary)")
dbPrimary - Edge(style="dashed") - privateSubnetARouter
with Cluster("AZ2 (eu-central-1b)"):
with Cluster("PrivateSubnetB 10.0.9.0/24"):
privateSubnetBRouter = VPCRouter("Router\n10.0.9.1")
privateSubnetBRouter - Edge(style="dashed") - privateRouteTable
dbSecondary = RDS("Database (Secondary)")
dbSecondary - Edge(style="dashed") - privateSubnetBRouter
from diagrams.generic.network import Firewall
from diagrams.generic.os import Android, IOS, Windows, LinuxGeneral, Centos
from diagrams.oci.connectivity import DNS
from diagrams.onprem.database import MySQL
from diagrams.onprem.inmemory import Redis
from diagrams.onprem.network import Nginx, HAProxy
from diagrams.programming.framework import Django
NUM_APP_SERVERS = 1
NUM_MYSQL_REPLICAS = 2
NUM_UWSGI_FORKS = 2
NUM_REDIS_REPLICAS = 1
with Diagram('Django HA', show=False, direction='TB'):
lb = Nginx('Load Balancer based on NGINX')
lb_firewall = Firewall('Firewall of Load Balancer')
dns = DNS('Any DNS server')
redis_haproxy = HAProxy('HAProxy for Redis Cluster')
db_haproxy = HAProxy('HAProxy for MySQL Cluster')
with Cluster('Users') as users:
with Cluster('Desktop users'):
dns << LinuxGeneral() >> lb_firewall >> lb
dns << Windows() >> lb_firewall >> lb
with Cluster('Mobile users'):
dns << IOS() >> lb_firewall >> lb
dns << Android() >> lb_firewall >> lb
with Cluster('Redis Cluster'):
from diagrams import Diagram, Cluster
from diagrams.onprem.container import Docker
from diagrams.generic.network import Firewall
from diagrams.aws.management import Cloudwatch, ParameterStore
from diagrams.aws.storage import EFS
from diagrams.aws.compute import ECS
with Diagram("AWS ECS Task Definition", show=False, direction="TB"):
with Cluster("task definition"):
image = Docker("image")
ports = Firewall("ports")
logging = Cloudwatch("logging")
environment = ECS("environment")
secrets = ParameterStore("secrets")
health_check = ECS("health check")
mount_points = EFS("mount points")
import os
import pathlib
from diagrams import Cluster, Diagram, Edge
from diagrams.aws.storage import S3
from diagrams.generic.network import Firewall, Switch
from diagrams.onprem.database import PostgreSQL
from diagrams.onprem.inmemory import Redis
from diagrams.programming.language import NodeJS
filename = "architecture-cloud-gov"
with Diagram("Site Scanner", show=False, filename=filename):
with Cluster("API"):
api_data_gov = Firewall("api.data.gov") # not really a firewall
router = Switch("Cloud.gov router")
with Cluster("API Logic"):
node_api_app = NodeJS("API Logic")
with Cluster("Data and Storage"):
postgres = PostgreSQL("AWS-RDS PG")
with Cluster("Node Cold Storage"):
cold_storage_node = NodeJS("Cold Storage Code")
s3_cold_storage = S3("S3 (Cold Storage)")
with Cluster("Scanning"):
with Cluster("Configurable CRON jobs"):
from diagrams.aws.database import RDS
from diagrams.aws.management import Cloudwatch
from diagrams.aws.network import InternetGateway, RouteTable, VPCRouter
from diagrams.aws.security import KMS, IAMRole
from diagrams.aws.storage import S3
from diagrams.generic.network import Firewall
from diagrams.onprem.network import Internet
graph_attr = {
"pad": "0",
"bgcolor": "transparent"
}
with Diagram("template-12", show=False, direction="TB", filename="diagram-12", graph_attr=graph_attr):
with Cluster("Vpc 10.0.0.0/16"):
webSg = Firewall("SG in 8080/tcp")
with Cluster("AZ1 (eu-central-1a)"):
with Cluster("PublicSubnet 10.0.0.0/24"):
publicSubnetRouter = VPCRouter("Router\n10.0.0.1")
ec2 = EC2("ec2\n10.0.0.x")
ec2 - Edge(style="dashed") - publicSubnetRouter
ec2 - webSg - publicSubnetRouter
with Cluster("PrivateSubnetA 10.0.8.0/24"):
privateSubnetARouter = VPCRouter("Router\n10.0.8.1")
dbPrimary = RDS("Database (Primary)")
dbPrimary - Edge(style="dashed") - privateSubnetARouter
dbClientSg = Firewall("SG out 3306/tcp")
dbServerSg = Firewall("SG in 3306/tcp")