cfnbuddy

The product looks great. Right from the start I can see that you have automated a very tedious process, kudos to that. I was wondering, how are you actually drawing the diagrams, after you have the data ? Also, I want to congratulate you on the good FAQ, explaining also some of the features which are not still developed.

Clever idea - I can see this being really useful. Nice work!

As a developer who has OCD about productivity, I find 2 big issues that remains unresolved on AWS: 1: understanding my infra and, 2: how to automate it with CloudFormation. Navigating pages in different regions and accounts is slow and tedious. Writing scripts can only get you so far. Diagrams are nice but you still have to draw them. When you do, they get outdated by the time you come back from lunch. Also, CloudFormation has a long feedback cycle even if you've made simple typo. Given all this, I thought that there must be a better solution that works ideally without me having to think about it. This is why I built cfnbuddy. It grew out of my own needs to solve such issues. How it works is it regularly scans your AWS account, creates CloudFormation templates and architecture diagrams out of it and send you a git commit every hour. Therefore, you have an accurate view of what you have in your infra under git. But that's just the start. What does representing your infra under git imply? Several things: - Templates are regular files, so you could use it compare your dev, test and production environments using familiar diff tools. Great for spotting inconsistencies in your environments. - since git works offline, you can work with cfnbuddy offline too. That's the fastest way to look for your resources across accounts and regions. - Don't want to figure out the CloudFormation syntax? That's OK; experiment by creating the resource manually and cfnbuddy's next commit will give you the snippet needed for you to recreate it with CloudFormation. - Since your broader infra is represented as CloudFormation templates, cfnbuddy could run static analysis tool on it. In fact, 150+ cfn-nag scans are available as a core feature to help spot bad practices and insecure config. - your diagrams will remain up to date. cfnbuddy works in the background so you just do a "git pull" when you're ready to see changes. - create a git repo for your whole team, no matter the size. I won't (and can't) prevent you from inviting your whole org. One plan for the whole team and unlimited resources (per AWS account). VPC diagrams are nice but only limited; that's why I included several "views" on your infra, e.g where are your encryption keys being used? how are your SSL certificates being used? are your Cloudwatch alarms sending actions to the right place? What ports are open to the world? There's an image for that. (15 diagram types across all regions included) Questions I imagine you may have: "Giving you access to my AWS account sounds creepy". Definitely a reasonable concern! I wouldn't blindly trust it neither but know that cfnbuddy cannot read your S3 objects, log on your servers, nor see your serverless code. It can even sync to GitHub/GitLab without your access token leaving your account. Everything is documented and auditable in our setup CloudFormation template. (Feel free to have it reviewed by a security expert; I share more security details on the website) "But aren't images inefficient to store in git?" That's why cfnbuddy sends commits only when something really changes. I go to great lengths to make sure that your repo won't get bloated. "I need these templates and diagrams once". That's OK; you can sign up and cancel right away. You'll continue to receive commits for the duration of your subscription. The catch? There's no free trial. I may add one later but right now I want to give individual attention to those who are most eager to try cfnbuddy. If that sounds like you, I'm looking for 10 early adopters with whom I'll work really closely. What's in it for you? Lock in the best price and feature set I'll ever offer. I'll also bump your feature requests on top of my priority queue. I'll be flattered if you could check it out at https://www.cfnbuddy.com and share your first impressions about it below.