Frequently Asked Questions

Answers on questions that might pop-up when starting to use our app

Subscription & Payments

How long are your subscriptions?

Currently, we offer monthly and annual subscriptions. You can cancel in the app online at any time with no further obligations

What form of payment do you accept?

We support credit cards as payment method. We accept all major credit and debit cards like Visa, MasterCard, Discover and American Express

Where do you store credit card details?

We don't store or transmit any credit card details on our servers, we leave that up to payment processor called Stripe

Can I update my card details?

Yes. You can update your card details under the Manage Subscription section click Manage Subscription > Payment Methods > Edit Payment Method

Can I subscribe via AWS Marketplace?

Yes. You can subscribe via AWS Marketplace. This means that billing for your Cloudviz.io subscription will be handled by AWS - the same way as you would pay for your AWS usage

Can I cancel my subscription?

Yes. You can cancel in the app (Manage Subscription section) at any time. Just click Manage Subscription > click on your price plan > Cancel Subscription. Once the subscription is cancelled, you will not be charged next month. You will continue to have access to all the paid features until your current subscription expires

Can I try your service for free?

Yes, of course. Every new subscriber has 10-days free trial to ensure that this app works as expected

Why does subscription for your app cost less than similar apps out there?

Yes, we are similar but different. We have concentrated our efforts to build the app with focus on how to best generate AWS architecture diagrams and how to give our users flexibility to change the way diagrams are generated (see Generation Profiles section). Taking this into account for example we don't have yet a possibility to sync & generate diagrams from other public clouds like Azure or Google Cloud Platform. Thus by setting right priorities gives us opportunity to provide different price

Can I add additional users to my plan?

Every new subscriber has 10-days free trial. If our app works for you then after the trial you can easily add additional users at any time (available for credit card payments method). Just go to Manage Subscription section and click Manage Subscription > click on your price plan > Edit Subscription and change quantity for your price plan. You will be charged for the prorated time remaining in your current subscription period

Why I'm logged out of my current session?

Session per user can be 30 days long. After that you will be asked to enter your app login credentials again. The other reason could be that we support one active session per user. This means that if user logs in from other browser or device then previous session will be revoked.

Connecting Your Cloud

How can I connect my AWS environment to your app? Is it secure?

To connect your cloud environment to our app securely we use cross-account roles with unique external id generated by us for each subscriber. You have to create this role in your AWS IAM (Identity and Access Management) using our provided AWS account number and unique external id. We have made this process simple. In our app open Manage AWS Accounts > Add AWS Account and follow the steps.

If you are interested in more details about using cross-account roles with external id please read this comprehensive guide from AWS team

What permissions do I have to grant for this cross-account role?

The easy way is to use "ReadOnlyAccess" policy which will provide read-only access to your AWS services and resources. The other option is to create your own policy and decide which services your will grant read access to. We will only import and display resources our app has permission for.
Please see below for our suggested custom read-only policy in order to use our app's sync functionality fully: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
              "autoscaling:Describe*",
              "dynamodb:ListTables",
              "ses:List*",
              "dynamodb:ListTagsOfResource",
              "s3:List*",
              "s3:GetBucketTagging",
              "s3:GetBucketLocation",
              "rds:Describe*",
              "dynamodb:DescribeTable",
              "glacier:List*",
              "timestream:List*",
              "timestream:Describe*",
              "elasticache:List*",
              "route53:List*",
              "elasticloadbalancing:Describe*",
              "apigateway:GET",
              "ecs:List*",
              "cloudfront:List*",
              "ses:Get*",
              "sqs:ListQueues",
              "elasticfilesystem:Describe*",
              "sns:GetTopicAttributes",
              "lambda:List*",
              "lambda:GetPolicy",
              "iam:GetPolicyVersion",
              "iam:ListPolicyVersions",
              "iam:ListAttachedRolePolicies",
              "iam:ListRolePolicies",
              "iam:GetRolePolicy",
              "ecs:Describe*",
              "sqs:GetQueueAttributes",
              "sqs:ListQueueTags",
              "elasticache:Describe*",
              "sns:List*",
              "ec2:Describe*",
              "rds:ListTagsForResource",
              "kafka:ListNodes",
              "kafka:ListClusters",
              "redshift:Describe*",
              "workspaces:Describe*",
              "es:Describe*",
              "es:List*",
              "eks:DescribeCluster",
              "eks:ListClusters",
              "kinesis:List*",
              "kinesis:Describe*",
              "wafv2:ListWebACLs",
              "wafv2:ListResourcesForWebACL",
              "wafv2:ListTagsForResource",
              "ds:DescribeDirectories",
              "eks:DescribeCluster",
              "eks:ListClusters",
              "appsync:ListGraphqlApis",
              "appsync:ListDataSources"
          ],
            "Resource": "*"
        }
    ]
}
How many AWS accounts can I add?

There is no limitation for number of AWS accounts you can add.

AWS Sync & Diagram Generation

Does this app initiates AWS data sync automatically?

We are not syncing or accessing your cloud environments without your request. You are the owner of the data refresh frequency and you can do this as often as you need the refreshed data. We have set small cooldown time between sync requests in order not get throttled by AWS but this shouldn't affect anyhow your work with our App

What type of data do you sync?

We are syncing and storing basic metadata around each resource (like configuration values, resource ids, arns, state/status values, tags etc.) with main purpose to generate useful cloud architecture diagrams and give our users overview of their cloud environment

Can I delete my synced data?

Yes, you can easily delete all your synced data (from all AWS regions) for specific AWS account by deleting that account from Manage AWS Accounts section

Why specific region sync fails?

Our back-end syncs data, that is necessary to generate diagram for your AWS account, using AWS API calls. Most of the time if you receive sync failure message this means that AWS API calls take too long for us to respond to you with synced data synchronously. The reason could be that AWS API access for specific services (like S3, Route53, etc.) are experiencing some temporary challenges. In most scenarios this shouldn’t happen but if you receive this error all the time then please contact us and we will sort this out.

Can I generate AWS diagram automatically when I press sync button?

Yes, you can. Check the Auto generate diagram checkbox and we will refresh diagram for you every time you press sync button

What type of resources can you visualize in architecture diagrams?

At the moment we visualize following resource types:

Networking & Content Delivery
Region, Virtual Private Cloud, Availability Zone, Subnet, NAT Gateway, VPC Endpoint Interface, Application Load Balancer, Network Load Balancer, Gateway Load Balancer, Internet Gateway, Transit Gateway, VPN Gateway, VPN Connection, Customer Gateway, Router, VPC Endpoint Gateway, VPC Peering Connection, EFS Mount Target, Cloud Front Distribution, Hosted Zone, API Gateway REST API, API Gateway HTTP API, API Gateway WebSocket API, Security Group *, Network ACL *, Network Interface, VPC Endpoint GWLB, Egress Only Internet Gateway

Compute
EC2 Instance, Lambda Function, Auto Scaling Group, Elastic IP

Storage
S3 Bucket, EFS File System, Glacier Vault, Volume

Database
RDS Instance, ElastiCache Node, DynamoDB Table, Timestream Table

Application Service
SQS Queue, SNS Topic, SES Identity

Containers
ECS Task, ECS Cluster *, ECS Service *, EKS Cluster

Front-end Web & Mobile
AppSync GraphQL API

Security, Identity, & Compliance
WAF Web ACL, Directory Service Directory

Analytics
Redshift Cluster *, Redshift Cluster Node, MSK Cluster *, MSK Broker Instance, Elasticsearch Domain, Kinesis Data Stream

End User Computing
WorkSpace

* These resources will not be visualized automatically in your diagrams. However these will be synced from your AWS account and available to be added manually from left side resource menu

Can I choose which resources to include in generated diagram?

You can easily check / uncheck resources that you want to include before generating actual diagram. Just press the generate diagram button. And you can do a whole lot more - you can set your own diagram generation settings and save these for later use as profiles. Please see Generation Profiles section for more details

Can I update diagram after it's generated?

You can update your generated diagrams by using toolbar in our app (activates when you click on specific resource). It provides all the basic functionality that you have in most of the drawing tools these days. We are constantly improving our editing tool so if you see something that behaves strangely please drop us a message

Do you support latest AWS icon set for generating the diagram?

We support both - new and previous version of AWS icons. We have created default generation profiles for new and previous icon versions. You can generate your AWS architecture diagrams by choosing one of these profiles. Additionally you can always drag & drop new icons to your diagram from Shapes section

Can I use any hotkeys in App?

Yes. There are several hotkeys that you can use:

  • Save diagram: ⌘+s Or ctrl+s
  • Fit diagram: f
  • Copy element: ⌘+c Or ctrl+c
  • Paste element: ⌘+v Or ctrl+v
  • Delete element: backspace Or del
  • Undo change: ⌘+z Or ctrl+z
  • Redo change: ⌘+y Or ctrl+y
  • Move element to back: ⌘+shift+b Or ctrl+shift+b
  • Move element to front: ⌘+shift+f Or ctrl+shift+f
  • Focus diagram search: ⌘+f Or ctrl+f
  • Open download view: ⌘+e Or ctrl+e
  • Move element up: up
  • Move element down: down
  • Move element right: right
  • Move element left: left

Quick Views

How does the quick view functionality help our users?

Quick view functionality gives our users fast track to generate different diagrams based on our pre-defined or custom diagram generation profiles. At the moment we have several default generation profiles defined like Full Account View, VPC View, Serverless View, etc.

What is the difference between quick views and generation profiles?

When user generates new diagram it uses generation profile that is selected in quick view. So quick view is just a way to select generation profile that will be used for diagram generation. When the diagram is saved then generation profile id is saved with the diagram and it's used when user opens it again. With this user can easily refresh (generate) the diagram with the same generation profile that was used when diagram was initially generated

Can I specify resource filters in quick views?

Yes, it's possible to specify resource filters in quick views. The most common filter types used by our users are VPC IDs and resource tags, which visualize only the resources that match the specified filters. It's good to know that quick view resource filters and generation profile filters don't override each other but instead they are used combined

View Synced AWS Data

Can I view data synced from my AWS account?

You can easily view your synced data. Just click on the element in the diagram or in the left side menu and we will show the synced data for that element

Is it possible to search my synced data?

Yes, it's possible. You can filter out specific elements from your synced AWS data and diagrams by using different key words like element types, properties etc

How often do you refresh data from my cloud environment?

As mentioned above we are not syncing or accessing your cloud environments without your request. If you have made some changes in your AWS environment and you would like to see those changes in our app - you should just press sync button for that particular AWS account and region and we will refresh synced data

Filter Expressions

What is filter expression and where can I use it?

Filter expressions let you visualize specific subset of your AWS account. You can use filter expressions in:

What is the syntax for filter expression?

You can use one or more of the following syntaxes in combination with operators to create complex filter expressions:

  • vpcId=<id>: add everything in the VPC that matches VPC id. (ex. vpcid=vpc-123)
  • tag=<value>:<key>: add everything from specified tag (ex. tag=stage:dev)
  • <any-resource-parameter-name>=<value>: add everything that matches specified parameter (ex. elementType="EC2 Instance", subnetId=subnet-123, privateIpAddress=172.31.5.193, runtime=nodejs18.x etc.)
What operators can I use in filter expressions?

The expression syntax provides operators and modifiers to create complex filter expressions allowing users to define what exactly should be visualized in the diagram. Following operators and modifiers are supported:

  • AND allows to specify multiple conditions that would limit or expand the results. For example:
    • vpcId=vpc-123 and tag=stage:dev: this would return all the resources within VPC vpc-123 and contains tag stage:dev
    • vpcId=vpc-123 and elementType="EC2 Instance": this would return all the resources that are EC2 instances and are within VPC vpc-123
    • vpcId=vpc-123 and subnetId=subnet-123: this would return all resources within VPC vpc-123 and subnet subnet-123
  • OR allows to specify multiple conditions that would limit or expand the results. For example:
    • vpcId=vpc-123 or vpcId=vpc-321: this would return all the resources within VPCs vpc-123 or vpc-321
  • != allows removal of resources matching specific conditions. For example:
    • vpcId=vpc-123 and instanceType!=t2.small: this would return all the resources within VPC vpc-123 where instance type is not t2.small
    • vpcId=vpc-123 and state!=stopped: this would return all the resources within VPC vpc-123 where state is not stopped
  • * wildcard gives flexibility to specify filter value. For example:
    • vpcid=*: this would return all the resources related to any VPC
    • vpcid!=*: this would return all the resources that are not related to any VPC
    • tag=*:*: this would return all the resources that have tags
    • tag!=*:*: this would return all the resources that don't have tags
    • vpcId=vpc-123 and privateIpAddress=10.*.5.*: this would return all the resources within VPC vpc-123 where private ip address matches 10.*.5.* pattern
  • ( ) brackets allow to group logical conditions together to create more complex filter expressions. For example:
    • vpcId=vpc-123 and (tag=stage:dev or tag=cost-center:billing): this would return all the resources within VPC vpc-123 with specified tags stage:dev or cost-center:billing
    • vpcId=vpc-123 and (elementType="EC2 Instance" or elementType=*Balancer): this would return all the EC2 instances or load balancers within VPC vpc-123

There are few things that you should know before you start to play with expression syntax:

  • Parameter names (ex. vpcId=..., elementType) and search operators (AND, OR) are case-insensitive this means that you can specify name in any format that works for you and your team
  • Parameter values (ex. ....=vpc-123, ...=STAGE:dev) are case-sensitive

Team Collaboration

User roles and permissions

Cloudviz.io users can have one of the following user roles:

  • Owner
  • Administrator
  • User

Owner has access to everything in particular team (subscription) - including billing and subscription related settings. After subscribing to specific price plan user receives Owner role with following permissions:

  • Manage subscription settings
  • Manage team settings:
    • Create new users / administrators
    • Change user roles
    • Delete team members (only user access to this team is removed)
  • Create / update / delete / share / sync AWS accounts
  • Create / update / delete automation profiles
  • Create / update / delete API keys
  • Create / update / delete common team diagram generation profiles
  • Generate / create / update / delete / share private diagrams
  • Generate documentation

Administrator permissions:

  • Create / update / delete / share / sync AWS accounts
  • Create / update / delete automation profiles
  • Create / update / delete API keys
  • Create / update / delete common team diagram generation profiles
  • Generate / create / update / delete / share private diagrams
  • Generate documentation

User permissions:

  • Sync shared AWS accounts
  • Read automation profiles
  • Create / update / delete common team diagram generation profiles
  • Generate / create / update / delete / share private diagrams
  • Generate documentation

It's good to know that:

  • When the Administrator / Owner user creates new AWS account it's automatically available to other Administrators or Owner
  • All the team created AWS accounts, diagram generation profiles and automation profiles are stored under the Owner account. This means that when user leaves the team and for example creates new subscription there will be no AWS accounts, diagram generation profiles and automation profiles available from previous team
  • All the diagrams shared with the team by user are in read-only mode for other team members
  • If the user shared the diagram with the team and then leaves the team - diagram will not be anymore available for the team. All the diagrams by default are private for all users
What happens when a user joins team?

User will have specific permissions and access to team resources based on role assigned to user

What happens when a user leaves / is removed from team?

User will not have access to any of the team related resources:

  • AWS accounts
  • Automation profiles
  • Common diagram generation settings
  • Team member shared diagrams
Can team members (User / Administrator) create their own teams?

One user at the same time can be part only of one team (for now). In order to create new team - users should first leave the current team and then subscribe to "Cloudviz Team" price plan which has already ten users included

Diagram Export

In what formats can I export my generated diagrams?

Currently you can export your diagrams in PNG, SVG, PDF, JSON and Draw.io / Diagrams.net formats

Can I export diagram properties (synced data)?

Yes, you can. You will find checkbox "Diagram Properties" under JSON export section

Can I set size when exporting diagram?

Yes. Change Zoom parameter in order to change size when exporting diagram to PNG or SVG formats. We will always export diagrams in the way to fit all your elements that resides in your diagrams

Generate Documentation

What is documentation generation?

You can use our tool to automatically generate word document (docx) which will contain diagrams and detailed resource information of your AWS cloud environment (for specific region). This gives you and your team possibility to have always up-to-date documentation of your AWS environment without having a need to create read-only roles for AWS console access

When can I generate documentation of my AWS cloud environment?

You can easily generate documentation of your cloud environment after you have synced your account for specific AWS region

Can I choose which resources to include in documentation?

Yes. You can include / exclude specific resources in documentation. Just click the specific resource checkbox in the Diagram Settings view. Documentation and diagram settings are related. This means that if you change some diagram generation properties (for specific profile) and then generate documentation - all the visual changes that you made will be reflected in the documentation too

Can I use my own documentation template?

You can choose one of our provided templates or specify your own template to generate documentation which covers your organizations style & content requirements. Contact us for more details if you are interested to create your own template.

Can I generate documentation for specific VPC?

Yes. We have developed resource filter feature which allows you to specify which resources you want to include in documentation / diagram. To visualize and generate documentation of specific VPC it's necessary to add VPC id in resource filter field. After that just click the generate button

Generation Profiles

What exactly is diagram generation profile?

We know that there can be different visualization needs for different cloud architectures. That's why we have developed diagram generation profiles. Besides of our default generation profiles you can easily set your own diagram generation settings and save these for later use as profiles

When should I create my own diagram generation profile?

You can create your own diagram generation profile whenever you see that our default profiles doesn't really work for your AWS cloud architecture. We are constantly improving our default generation profiles to cover different AWS cloud architectures. That's why we suggest if you have found that one of our default profiles work for you - please clone the default profile settings and save these as your profile for later use

What can I change in diagram generation profile?

First you can choose which resources / resource groups should be included in generated diagrams. After that you can set different kind of settings for each of the resources that we visualize. You can specify Element Settings like default width / height, fill / border colors, name length / color, different placement properties in the diagram etc. You can specify Connection Settings for that resource for example for Elastic Load Balancer you can set either to show connection lines with target EC2 instances or not. You can even set the line style / color / width / start / end arrows.
These are just a few of many different settings that you can change when creating your custom generation profiles

Do you plan to introduce new settings for generation profiles?

We are constantly improving existing ones that are currently available and of course we are listening to our users and introducing new settings that has been mostly requested. If you see that something is missing and could improve diagram generation flexibility you are welcome to drop us a message

Automation Profiles

What is automation profile?

You can schedule autogeneration of your diagrams and documentation for your AWS environments by creating automation profiles. Our app will do all the hard work so you don't have to spend time on refreshing and maintaining actual diagram of your AWS infrastructure.
The cool thing is that you can set specific visualization settings for your AWS environment as generation settings profile and create automation profile to use these settings when generating the diagrams

Where autogenerated files will be stored?

Our app will store generated files on S3 bucket located in your AWS account which is used for diagram and documentation generation. We suggest to create new S3 bucket fully dedicated for our tool to store the generated files. This means that you will have to update your existing cross-account role to give our tool access to this bucket. Here is our suggested policy template: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::companyname-cloudviz/*"
        }
    ]
}
Do you store autogenerated files on your servers?

Our app doesn't store autogenerated files anywhere else except your provided S3 bucket.

All the files (diagrams & documentation) are generated in memory and no data is stored on disk. This makes our tool really useful for companies or individuals who need to have more control of where the generated data is stored and who is accessing it.

As files are stored in your S3 bucket you have all the control what to do next by using different AWS services. Like configure SNS to send notifications to you and your team when new diagram or documentation is generated and give read access to your team members. Embed the generated diagrams into your Confluence, wiki or different dashboards - so you and your team will always have an updated diagram of your AWS environment

What file formats can I set for autogenerated diagrams / documentation?

Currently you can autogenerate your diagrams in PNG, SVG, PDF, WORD and JSON formats. You can opt in to store snapshot of your current AWS environment in JSON format.

How often files will be autogenerated?

You can choose the generation frequency which best works for you - starting from once every 3 hours till once every month

Cloudviz API

Where can I find Cloudviz API documentation and examples?

All the Cloudviz developer API related documentation and examples can be found in our API Docs page

As experienced AWS architects and developers, our goal is to provide users an easy way to create stunning AWS architecture diagrams and detailed technical documentation. Join us to simplify your diagramming process and unleash the beauty of your cloud infrastructure

Copyright © 2019 - 2024 Cloudviz Solutions SIA