AWS: CloudCraft – an existing infrastructure’s map generator

By | 08/21/2019

I’m using CloudCraft service for a while – really handy.

A couple of days ago I got a full subscription with all its features (first two weeks are free, by the way) among which I’d like to try an ability to create a map of an existing AWS account with all its resources and their relations/communications.

Subscription cost $49/month.

In general, using CloudCraft you can draw a map like next (from the AWS: миграция RTFM 2.3 — инфраструктура для RTFM и создание CloudFormation шаблона — VPC, subnets, EC2 post, Rus):

In this post – we will integrate CloudCraft with an existing AWS account and will generate a new map with already created resources in this account.

Access to the AWS account will be configured using the CloudCraft’s External ID and AWS Cross Account IAM Roles.

CloudCraft and AWS account integration

Go to the, chose the Live tab:

Click Add AWS Account:

And just go step-by-step with the instruction from CloudCraft:

Click on the “Open the AWS IAM Console to the Create Role page” link – you’ll be redirected into the AWS => IAM – everything will be filled here:

Click Permissions – here is the ReadOnlyAccess already checked:

Skip tags, save the role:

Copy its ARN:


Set it into the CloudCraft:

Click Save AWS Account.

A map generation

Chose the desired region:

Click Scan Now:

Here is an example of my own personal account, where the RTFM blog was previously (it was migrated to the DigitalOcean).

Now here is the only OpenVPN Access Serer lives:

When an account has a lot of resources – it looks much more interesting:

Click Auto Layout, chose components to display:


And the result is:

Because of the obvious reasons – I can’t show my current job’s account resources map, but it looks impressive 🙂

By clicking on any object on the map you’ll get detailed information about it:

And as a “bonus” – the Budget tab: