Aws Architecture Diagram

When a user asks "draw our AWS network" or "show me the architecture":

1. Generate diagram: Use diagram tool scoped to networking resources
2. Include: VPCs, subnets (public/private), IGW, NAT GW, TGW, VPN, peering connections
3. Label: CIDR blocks, subnet names, AZ placement
4. Connections: Show routing paths — TGW attachments, peering links, VPN tunnels
5. Output: PNG or SVG file for sharing in Slack or documentation
6. Report: Architecture summary alongside the diagram

Workflow: VPC Detail Diagram

When focusing on a specific VPC:

1. Scope to VPC: Filter diagram to one VPC by ID or tag
2. Show subnets: Public, private, isolated — grouped by AZ
3. Show route tables: Main and custom route tables with key routes
4. Show gateways: IGW, NAT GW, VPC endpoints
5. Show security: NACLs, security group relationships
6. Output: Detailed VPC topology diagram

Workflow: Multi-Account Network Diagram

When documenting cross-account architecture:

1. Hub-spoke topology: Show Transit Gateway as the hub
2. VPC attachments: Each spoke VPC with its CIDR and purpose
3. Route propagation: Show which routes propagate where
4. VPN/DX: On-premises connections via VPN or Direct Connect
5. Inspection VPC: Network Firewall placement if applicable
6. Output: Enterprise network topology diagram

Integration with Other Skills

Diagram Scoping Tips

Important Rules

• Graphviz required — the MCP server generates Graphviz DOT files and renders them; graphviz must be installed
• Large accounts may produce complex diagrams — scope with filters for clarity
• Region-specific — diagram shows resources in the configured AWS_REGION only
• Read-only — only discovers and renders, never modifies resources
• Record in GAIT — log diagram generation for audit trail

Environment Variables

• AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION (or AWS_PROFILE)