Create Cloud Diagrams

To help you create a diagram, the DoiT console provides a step-by-step wizard to walk you through importing an AWS account.

CloudFormation stack

You will need an AWS CloudFormation stack. You can create one as part of the wizard when you import an AWS account. You must have the necessary permissions to create a CloudFormation stack.

EKS clusters

If the wizard detects any EKS clusters, you can choose to include them on your diagram. You can also add your EKS clusters to the diagram later using the DoiT console if you want to quickly visualize your core infrastructure first, or focus on a specific area, without overwhelming the initial diagram.

1. Sign in to the DoiT console, select Billing from the top navigation bar, and then select Assets.

2. On the Assets page, select Kubernetes.

   • For single cluster activation, select Activate.

   • For bulk cluster activation, select Enable features.

   EKS clusters already connected this way are automatically included in your diagram.

Import an AWS account

To import an AWS account whose resources you want to display:

1. Sign in to the DoiT console, select Governance from the top navigation bar, and then select Cloud Diagrams.

2. From AWS account list, select an AWS account whose products and services you wish to visualize.

3. Choose how you want to create a CloudFormation stack. You can do this using the AWS Console or CLI commands.

   AWS console

   1. Select AWS Console (CloudFormation stack).
   2. Select Set up Cloud Diagrams on AWS Console. You'll be taken to your AWS console to create a CloudFormation stack from a template.

   CLI commands

   1. Select CLI commands (CloudFormation stack). A code block is displayed.
   2. Copy the provided code block.
   3. Select Open AWS CloudShell.
   4. Paste the code and run the command.

   Once you have created a CloudFormation stack from a template, you may have to wait about 30 seconds while we update your account. Once your account is imported, a diagram is created.

4. Select Continue.

5. If DoiT detects EKS clusters in your account, you can choose to:

   • Show your EKS clusters on your diagram, for example, (show pods, deployments, and container details) for specific clusters.

   • Create a diagram without EKS clusters. If you select this option, your diagram is created. EKS clusters can be enabled at any time from the DoiT console.

     

6. We scan your account and detect your EKS clusters.

   

   Note

   If you want to do this later, you can choose to create the diagram without EKS clusters by selecting Skip this and create diagram. Your EKS clusters can be enabled at any time from the DoiT console.

   Select View detected clusters.

7. Select the EKS clusters you want to enable and select Next.

8. You must allow DoiT access to your EKS clusters. You can do this using either EKS access entry or Kubernetes RBAC, depending on your requirements.

   EKS access entry

   Selecting EKS access entry displays a code block. Copy the provided code block to create a new access entry, granting DoiTs designated IAM principal permissions and associating the AmazonEKSViewPolicy. This provides read-only access to your cluster's resources. You can open the AWS console to do this or use another method.

   Kubernetes RBAC

   1. Selecting Kubernetes RBAC displays a code block. Copy the provided code block to create a new access entry to grant DoiT permissions to interact with your EKS cluster. This access entry allows DoiT's designated IAM principal to connect to your cluster. You can open the AWS console to do this or use another method.

   2. Download the provided YAML files that define the ClusterRole and ClusterRoleBinding that control the actions that DoiT can perform within the cluster. Select Download files (n) where n represents the number of files to download, one for each cluster that you have.

   3. After downloading the YAML files, copy the code block to apply the Kubernetes permissions configuration file to enforce the defined permissions. You can open the AWS console to do this or use another method.

9. Select Next. The wizard tests the cluster connection. This may take a few seconds.

10. Select Continue. Once, your diagram is created, you are redirected to the diagram view. You can troubleshoot any import errors by selecting Import Errors.