Frequently Asked Questions

Answers on questions that might pop-up when starting to use our app

Subscription & Payments

How long are your subscriptions?

We currently offer monthly and annual subscriptions. You can cancel your subscription online at any time without any further obligations

What form of payment do you accept?

We support credit cards as payment method. We accept all major credit and debit cards like Visa, MasterCard, Discover and American Express

Where do you store credit card details?

We don't store or transmit any credit card details on our servers, we leave that up to payment processor called Stripe

Can I update my card details?

Yes. You can update your card details under the Manage Subscription section click Manage Subscription > Payment Methods > Edit Payment Method

Can I subscribe via AWS Marketplace?

Yes. You can subscribe via AWS Marketplace. This means that billing for your Cloudviz.io subscription will be handled by AWS - the same way as you would pay for your AWS usage

Can I cancel my subscription?

Yes. You can cancel in the app (Manage Subscription section) at any time. Just click Manage Subscription > click on your price plan > Cancel Subscription. Once the subscription is cancelled, you will not be charged next month. You will continue to have access to all the paid features until your current subscription expires

Can I try your service for free?

Yes, of course. Every new subscriber has 10-days free trial to ensure that this app works as expected

Can I add additional users to my plan?

Every new subscriber receives a 10-day free trial. If our app works for you, you can easily add additional users after the trial (available only for credit card payments). Simply go to the Manage Subscription section, select your price plan, click Edit Subscription, and adjust the user quantity. You will be charged for the prorated time remaining in your current subscription period.

Connecting Your Cloud

How can I connect my AWS environment to your app? Is it secure?

To connect your cloud environment to our app securely we use cross-account roles with unique external id generated by us for each subscriber. You have to create this role in your AWS IAM (Identity and Access Management) using our provided AWS account number and unique external id. We have made this process simple. In our app open Manage AWS Accounts > Add AWS Account and follow the steps.

If you are interested in more details about using cross-account roles with external id please read this comprehensive guide from AWS team.

What permissions do I have to grant for this cross-account role?

The easy way is to use "ReadOnlyAccess" policy which will provide read-only access to your AWS services and resources. The other option is to create your own policy and decide which services your will grant read access to. We will only import and display resources our app has permission for.

Please see our docs Custom Read-Only Policy section.

How many AWS accounts can I add?

There is no limitation for number of AWS accounts you can add.

AWS Sync & Diagram Generation

Does this app initiates AWS data sync automatically?

We are not syncing or accessing your cloud environments without your request. You are the owner of the data refresh frequency and you can do this as often as you need the refreshed data. We have set small cooldown time between sync requests in order not get throttled by AWS but this shouldn't affect anyhow your work with our App

What type of data do you sync?

We are syncing and storing basic metadata around each resource (like configuration values, resource ids, arns, state/status values, tags etc.) with main purpose to generate useful cloud architecture diagrams and give our users overview of their cloud environment

Can I delete my synced data?

Yes, you can easily delete all your synced data (from all AWS regions) for specific AWS account by deleting that account from Manage AWS Accounts section

Why specific region sync fails?

Our back-end syncs data, that is necessary to generate diagram for your AWS account, using AWS API calls. Most of the time if you receive sync failure message this means that AWS API calls take too long for us to respond to you with synced data synchronously. The reason could be that AWS API access for specific services (like S3, Route53, etc.) are experiencing some temporary challenges. In most scenarios this shouldn’t happen but if you receive this error all the time then please contact us and we will sort this out.

Can I generate AWS diagram automatically when I press sync button?

Yes, you can. Check the Auto generate diagram checkbox and we will refresh diagram for you every time you press sync button

What type of resources can you visualize in architecture diagrams?

Please see our docs List of Synced Resources section.

Can I choose which resources to include in generated diagram?

You can easily check / uncheck resources that you want to include before generating actual diagram. Just press the generate diagram button. And you can do a whole lot more - you can set your own diagram visualizations settings and save these for later use as custom views. Please see Views section for more details

Can I update diagram after it's generated?

You can update your generated diagrams by using toolbar in our app (activates when you click on specific resource). It provides all the basic functionality that you have in most of the drawing tools these days. We are constantly improving our editing tool so if you see something that behaves strangely please drop us a message

Do you support latest AWS icon set for generating the diagram?

We support both - new and previous version of AWS icons. We have created default views for new and previous icon versions. You can generate your AWS architecture diagrams by choosing one of these views. Additionally you can always drag & drop new icons to your diagram from Shapes section

Can I use any hotkeys in App?

Yes. There are several hotkeys that you can use:

  • Save diagram: ⌘+s Or ctrl+s
  • Fit diagram: f
  • Copy element: ⌘+c Or ctrl+c
  • Paste element: ⌘+v Or ctrl+v
  • Delete element: backspace Or del
  • Undo change: ⌘+z Or ctrl+z
  • Redo change: ⌘+y Or ctrl+y
  • Move element to back: ⌘+shift+b Or ctrl+shift+b
  • Move element to front: ⌘+shift+f Or ctrl+shift+f
  • Focus diagram search: ⌘+f Or ctrl+f
  • Open download view: ⌘+e Or ctrl+e
  • Move element up: up
  • Move element down: down
  • Move element right: right
  • Move element left: left

Views

What is a view?

A View is a foundation for generating diagrams in Cloudviz.io. It represents a set of visualization settings that are applied when creating a new diagram. Whenever user generates a diagram, it is created based on specific view.

For more details see our docs Views section.

How does the view functionality help our users?

View functionality gives our users fast track to generate different diagrams based on our pre-defined or custom diagram visualization settings. At the moment we have several default views defined like Full Account View, VPC View, Serverless View, etc.

Can I specify resource filters for views?

Yes, it's possible to specify resource filters in views. The most common filter types used by our users are VPC IDs and resource tags, which visualize only the resources that match the specified filters.

When should I create my own custom view?

You can create a custom view whenever you find that our default views don't fully meet the needs of your AWS cloud architecture. While we continuously enhance our default views to cover a range of AWS cloud architectures, if one of our default views works well for you, we recommend cloning its settings and saving it as your custom view for later use.

What can I change in diagram views?

First, you can choose which resources or resource groups to include in the generated diagrams. After that, you can configure various settings for each resource we visualize. For example, you can specify Element Settings such as default width and height, fill and border colors, name length and color, and various placement properties within the diagram. You can also define Connection Settings for each resource. For instance, for an Elastic Load Balancer, you can choose whether to display connection lines with target EC2 instances. Additionally, you can adjust the line style, color, and width, and add start or end arrows.

These are just a few of the many settings you can modify when creating your custom views.

Do you plan to introduce new settings for views?

We are constantly improving the available settings and always listening to our users, introducing new options that have been most requested. If you notice something missing that could enhance diagram generation flexibility, you are welcome to drop us a message

View Synced AWS Data

Can I view data synced from my AWS account?

You can easily view your synced data. Just click on the element in the diagram or in the left side menu and we will show the synced data for that element

Is it possible to search my synced data?

Yes, it's possible. You can filter out specific elements from your synced AWS data and diagrams by using different key words like element types, properties etc

How often do you refresh data from my cloud environment?

As mentioned above, we do not sync or access your cloud environments without your request. If you have made changes to your AWS environment and would like to see those updates in our app, simply press the sync button for that specific AWS account and region, and we will refresh the synced data.

Filter Expressions

What is filter expression and where can I use it?

Filter expressions let you visualize specific subset of your AWS account. You can use filter expressions in:

  • App UI: Simply click the search icon below the views select box and enter your filter expression
  • Developer API: as query string parameter "filter" in the request to visualize subset of your AWS environment
What is the syntax for filter expression?

You can use one or more of the following syntaxes in combination with operators to create complex filter expressions:

  • vpcId=<id>: add everything in the VPC that matches VPC id. (ex. vpcid=vpc-123)
  • tag=<value>:<key>: add everything from specified tag (ex. tag=stage:dev)
  • <any-resource-parameter-name>=<value>: add everything that matches specified parameter (ex. elementType="EC2 Instance", subnetId=subnet-123, privateIpAddress=172.31.5.193, runtime=nodejs18.x etc.)

For more details see our docs Filter Expressions section.

Team Collaboration

User roles and permissions

Cloudviz.io users can have one of the following user roles:

  • Owner
  • Administrator
  • User

Each role has different permissions and access to team resources. For more details see our docs User Roles and Permissions section.

What happens when a user joins team?

User will have specific permissions and access to team resources based on role assigned to user

What happens when a user leaves / is removed from team?

User will not have access to any of the team related resources:

  • AWS accounts
  • Automation profiles
  • Common diagram generation settings
  • Team member shared diagrams
Can team members (User / Administrator) create their own teams?

One user at the same time can be part only of one team (for now). In order to create new team - users should first leave the current team and then subscribe to "Cloudviz Team" price plan which has already ten users included

Diagram Export

In what formats can I export my generated diagrams?

Currently you can export your diagrams in PNG, SVG, PDF, JSON and Draw.io / Diagrams.net formats

Can I export diagram properties (synced data)?

Yes, you can. You will find checkbox "Diagram Properties" under JSON export section

Can I set size when exporting diagram?

Yes. Change Zoom parameter in order to change size when exporting diagram to PNG or SVG formats. We will always export diagrams in the way to fit all your elements that resides in your diagrams

Generate Documentation

What is documentation generation?

You can use our tool to automatically generate word document (docx) which will contain diagrams and detailed resource information of your AWS cloud environment (for specific region). This gives you and your team possibility to have always up-to-date documentation of your AWS environment without having a need to create read-only roles for AWS console access

When can I generate documentation of my AWS cloud environment?

You can easily generate documentation of your cloud environment after you have synced your account for specific AWS region

Can I choose which resources to include in documentation?

Yes. You can include / exclude specific resources in documentation. Just click the specific resource checkbox in the Diagram Settings view. Documentation and diagram settings are related. This means that if you change some diagram generation properties (for specific custom view) and then generate documentation - all the visual changes that you made will be reflected in the documentation too

Can I use my own documentation template?

You can choose one of our provided templates or specify your own template to generate documentation which covers your organizations style & content requirements. Contact us for more details if you are interested to create your own template.

Can I generate documentation for specific VPC?

Yes. We have developed resource filter feature which allows you to specify which resources you want to include in documentation / diagram. To visualize and generate documentation of specific VPC it's necessary to add VPC id in resource filter field. After that just click the generate button

Automation Profiles

What is automation profile?

You can schedule auto-generation of your diagrams and documentation for your AWS environments by creating automation profiles. Our app will do all the hard work so you don't have to spend time on refreshing and maintaining actual diagram of your AWS infrastructure.
The cool thing is that you can set specific visualization settings for your AWS environment as custom view and create automation profile to use these settings when generating the diagrams

Where autogenerated files will be stored?

Our app will store generated files on S3 bucket located in your AWS account which is used for diagram and documentation generation. We suggest to create new S3 bucket fully dedicated for our tool to store the generated files. This means that you will have to update your existing cross-account role to give our tool access to this bucket. Here is our suggested policy template: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::companyname-cloudviz/*"
        }
    ]
}
Do you store autogenerated files on your servers?

Our app doesn't store autogenerated files anywhere else except your provided S3 bucket.

All the files (diagrams & documentation) are generated in memory and no data is stored on disk. This makes our tool really useful for companies or individuals who need to have more control of where the generated data is stored and who is accessing it.

As files are stored in your S3 bucket you have all the control what to do next by using different AWS services. Like configure SNS to send notifications to you and your team when new diagram or documentation is generated and give read access to your team members. Embed the generated diagrams into your Confluence, wiki or different dashboards - so you and your team will always have an updated diagram of your AWS environment

What file formats can I set for autogenerated diagrams / documentation?

Currently you can autogenerate your diagrams in PNG, SVG, PDF, WORD and JSON formats. You can opt in to store snapshot of your current AWS environment in JSON format.

How often files will be autogenerated?

You can choose the generation frequency which best works for you - starting from once every 3 hours till once every month

Automatically Monitor Infrastructure Changes

What is infrastructure change monitoring?

Infrastructure change monitoring is a feature that allows you to automatically track changes in your AWS environment. This feature is useful for monitoring configuration changes of your AWS resources and understanding how your infrastructure evolves over time. Whenever a change is detected, we will automatically update the diagram with a new version (see diagram version history) and optionally notify your team (ex. Slack or Teams channels) of the top changes

What are the main benefits of infrastructure change monitoring?

Automated monitoring combined with diagram history gives our users superpowers:

  • Be notified when something changes in your infrastructure, so your team can always double-check if these changes are intended and as expected or not
  • Know exactly what’s changed in the form of a visual diagram or JSON diff
  • Complete history of your infrastructure changes. Access your infrastructure change history whenever you need it—whether debugging failed deployments, troubleshooting issues, or conducting security audits
How do you enable automated tracking?

You can enable automated tracking by initially generating your diagram and then clicking the Enable Automated Tracking button in the diagram toolbar. This will activate monitoring for all resources in the diagram.

It's important to note that, by default, we do not monitor anything unless you enable automated tracking for your diagram

How frequently are changes tracked?

When automated tracking is enabled, we monitor your AWS resource configurations once every 3 hours. You can increase the frequency by contacting us

How many AWS account-region pairs can I monitor?

Every Teams subscriber can monitor up to 5 AWS account-region pairs. If there is a need to monitor more, you can increase the limit by contacting us

How many diagrams can I monitor?

Every Teams subscriber can monitor up to 20 diagrams. If there is a need to monitor more, you can increase the limit by contacting us

Can I notify my team about the changes detected?

Yes, you can notify your team about the changes detected. For example you can configure notifications to be sent to your Slack or Microsoft Teams channels and be always up-to-date with the changes in your AWS environment

Version History

What is diagram version history?

Version history in Cloudviz.io allows you to track and compare (visually and as JSON diff) changes in your cloud infrastructure over time. With this feature, you can revisit how your architecture looked yesterday, last week, or even months ago. It highlights differences between versions—such as added, modified, or removed resources—using clear, color-coded highlights, making it easy to troubleshoot issues, audit changes, or pinpoint the source of unexpected behaviors.

When is a new diagram version created?

A new diagram version is created whenever you generate and save a new diagram. Cloudviz.io automatically checks for changes, including structural updates or property modifications, and saves a new version if differences are detected.

If you have enabled automated tracking for your diagram, a new version is created whenever changes are detected in your AWS environment related to the AWS resources visualized in the diagram

Can I generate documentation for specific diagram version?

Yes, you can generate full documentation for any diagram version. This feature is especially useful when you need to document a specific state of your cloud infrastructure for audit requests. You can generate documentation for any diagram version by selecting the desired version from the version history and clicking the "Generate Documentation" button (right top corner).

What happens with the versions when I delete a diagram?

When you delete a diagram, all its versions are also deleted. This action is irreversible, so make sure you no longer need the diagram or its versions before proceeding.

Can I add a name for diagram version?

Yes, you can add a name to a diagram version to help you identify it more easily. This feature is especially useful when you want to mark a specific version as a milestone, such as a major update or a significant change. Additionally, when you add a name for the specific version this will stay in the version history for that diagram permanently until you delete the diagram or the version itself.

How long are versions stored?
  • Base plan subscribers: Diagram versions are stored for 30 days. After this period, versions are automatically deleted unless manually removed earlier.
  • Team plan subscribers: Diagram versions are retained for 90 days.

If you need to store versions for a longer duration, such as for audits, debugging, or compliance needs, you can upgrade your Team plan by contacting us: support@cloudviz.io

Single Sign-On (SSO)

What SSO methods are supported?

We support SSO authentication via the Security Assertion Markup Language 2.0 (SAML 2.0). Setting up SAML for your Cloudviz account allows you and your team to log in using the credentials stored in your organization's Active Directory, LDAP, or other identity store connected to a SAML Identity Provider.

How to enable SAML SSO for your Cloudviz account?

To enable SAML SSO for your Cloudviz account, you need to be an owner of the account with an active Cloudviz Team subscription. You can enable SAML SSO by following these steps:

  • Go to Settings > Security & SSO
  • Create Cloudviz as a new application in your Identity Provider (IdP) by using following Cloudviz service provider details (from the Security & SSO section):
    • Assertion Consumer Service URL
    • Service Provider Entity ID
    • NameId Format
  • Map email attribute in your IdP SAML configuration. This attribute should be mapped in the SAML response as <saml:Attribute Name="email" ...>...
  • After creating application go back to Cloudviz and upload the metadata file from your identity provider.
  • If the SAML SSO configuration is successful, you will see sign "SAML is enabled" and the "Single Sign-On URL". Give it a few seconds for "Single Sign-On URL" to be fully operational.
What additional features of SAML SSO are supported?

We support the following features for SAML SSO:

  • SAML Strict Mode. With SAML Strict Mode enabled, all organization users (except subscription owner) must use SAML SSO to sign in to Cloudviz account. Any existing Cloudviz sign-in credentials are not valid. Subscription owner does retain access to alternative sign-in mode for troubleshooting purposes.
  • IdP Initiated Login. This is a process in Single Sign-On where the login procedure is initiated by the Identity Provider rather than the Service Provider.
  • Just-in-Time User Provisioning. When you enable this setting, Cloudviz automatically provisions and adds user account to the team (with "User" role assigned) when users sign in over SSO for the first time. This saves time for admins, who then don't need to manually invite users to Cloudviz.
  • Restricted Domains. You can restrict SSO authentication so that only users with email addresses from these domains are allowed.
How to disable SAML SSO for your Cloudviz account?

You can delete your SAML configuration by going to Settings > Security & SSO and clicking the "Delete configuration" button. This will disable access for all organization users who use Single Sign-On (SSO) as their only authentication method to log in to their Cloudviz accounts.

How does user deletion in SAML work?

Due to SAML limitations, Cloudviz does not receive notifications when a user's access is revoked in the IdP. After their current session expires, if users attempt to log in again via SSO, Cloudviz will deny access. For immediate effect, remove the user from the Cloudviz team (in the Cloudviz app). We recommend that you regularly review your team members and remove any users who no longer require access to Cloudviz.

Cloudviz API

Where can I find Cloudviz API documentation and examples?

All the Cloudviz developer API related documentation and examples can be found in our API Docs page

As experienced AWS architects and developers, our mission is to provide users an easy way to generate stunning AWS architecture diagrams and detailed technical documentation. Join us to simplify your diagramming process and unleash the beauty of your cloud infrastructure

Copyright © 2019 - 2025 Cloudviz Solutions SIA