Sync Process
Efficiently visualize your AWS infrastructure by synchronizing your account data and generating up-to-date diagrams and documentation
Understanding the Sync Process
To initiate the sync process, you first need to securely connect your AWS account to Cloudviz.io.
Once the connection is established, Cloudviz.io syncs and stores basic metadata about your AWS resources (such as configuration values, resource IDs, state/status values, and tags). Every sync is initiated or scheduled by the user: Cloudviz.io does not automatically access or sync your AWS environment without your explicit action.
The sync process can be initiated:
- Manually, by clicking the Sync Account button in the main view
- By enabling automated monitoring to detect changes in your AWS environment and update your diagrams accordingly
- By using the API to sync your account data programmatically
- By creating Automation Profiles that sync and generate diagrams and documentation at regular intervals and push them directly to your S3 bucket
This metadata forms the foundation for generating accurate and comprehensive diagrams and technical documentation of your AWS environment.
To read more about the diagram generation process, see the Views section.
Delete Synced Data
You can delete all synced data (from all AWS regions) for a specific AWS account by deleting that account from the Manage AWS Accounts section.
List of Synced Resources
Cloudviz.io currently visualizes the following AWS resource types:
- Networking & Content Delivery: Region, Virtual Private Cloud (VPC), Availability Zone, Subnet, NAT Gateway, VPC Endpoint Interface, Application Load Balancer, Network Load Balancer, Gateway Load Balancer, Internet Gateway, Transit Gateway, VPN Gateway, VPN Connection, Customer Gateway, Router, VPC Endpoint Gateway, VPC Peering Connection, EFS Mount Target, CloudFront Distribution, Hosted Zone, API Gateway (REST API, HTTP API, WebSocket API), Security Group, Network ACL, Network Interface, VPC Endpoint GWLB, Egress Only Internet Gateway
- Compute: EC2 Instance, Lambda Function, Auto Scaling Group, Elastic IP
- Storage: S3 Bucket, EFS File System, Glacier Vault, Volume
- Database: RDS Instance, ElastiCache Node, DynamoDB Table, Timestream Table
- Application Services: SQS Queue, SNS Topic, SES Identity
- Containers: ECS Task, ECS Cluster (*), ECS Service (*), EKS Cluster
- Front-end Web & Mobile: AppSync GraphQL API
- Security, Identity, & Compliance: WAF Web ACL, Directory Service Directory
- Analytics: Redshift Cluster (*), Redshift Cluster Node, MSK Cluster (*), MSK Broker Instance, Elasticsearch Domain, Kinesis Data Stream
- End User Computing: WorkSpace
(*): These resources are not automatically visualized in your diagrams. However, these are synced from your AWS account and are available to be added manually from the left-side resource menu.
Custom Read-Only Policy
The easiest option is to attach the AWS managed ReadOnlyAccess policy to your cross-account role, which provides read-only access to your AWS services and resources. Alternatively, you can create your own custom policy and decide which services to grant read access to. Our app will only import and display resources for which it has the necessary permissions.
Below is our suggested custom read-only policy (last updated: April 30, 2024) to fully utilize our app’s sync functionality:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:Describe*",
        "dynamodb:ListTables",
        "ses:List*",
        "dynamodb:ListTagsOfResource",
        "s3:List*",
        "s3:GetBucketTagging",
        "s3:GetBucketLocation",
        "rds:Describe*",
        "dynamodb:DescribeTable",
        "glacier:List*",
        "timestream:List*",
        "timestream:Describe*",
        "elasticache:List*",
        "route53:List*",
        "elasticloadbalancing:Describe*",
        "apigateway:GET",
        "ecs:List*",
        "cloudfront:List*",
        "ses:Get*",
        "sqs:ListQueues",
        "elasticfilesystem:Describe*",
        "sns:GetTopicAttributes",
        "lambda:List*",
        "lambda:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:ListPolicyVersions",
        "iam:ListAttachedRolePolicies",
        "iam:ListRolePolicies",
        "iam:GetRolePolicy",
        "ecs:Describe*",
        "sqs:GetQueueAttributes",
        "sqs:ListQueueTags",
        "elasticache:Describe*",
        "sns:List*",
        "ec2:Describe*",
        "rds:ListTagsForResource",
        "kafka:ListNodes",
        "kafka:ListClusters",
        "redshift:Describe*",
        "workspaces:Describe*",
        "es:Describe*",
        "es:List*",
        "eks:DescribeCluster",
        "eks:ListClusters",
        "kinesis:List*",
        "kinesis:Describe*",
        "wafv2:ListWebACLs",
        "wafv2:ListResourcesForWebACL",
        "wafv2:ListTagsForResource",
        "ds:DescribeDirectories",
        "appsync:ListGraphqlApis",
        "appsync:ListDataSources"
      ],
      "Resource": "*"
    }
  ]
}
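If you write your own custom policy for the cross-account role, it is worth checking before attaching it that every allowed action is a metadata read. The script below is an added example, not Cloudviz.io code: the verb-prefix rule, the `DATA_READS` list and `SAMPLE_POLICY` are assumptions constructed for illustration.

```python
import fnmatch
import json

READ_VERBS = ("describe", "list", "get")  # verb prefixes treated as reads here
# Get* actions that return stored content, not resource metadata.
# Illustrative subset chosen for this example, not an exhaustive list.
DATA_READS = ["s3:GetObject", "dynamodb:GetItem", "secretsmanager:GetSecretValue",
              "ssm:GetParameter", "lambda:GetFunction"]


def _as_list(value):
    # IAM accepts a single string/object where a list is also valid.
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Classify the Allow actions of a policy meant to grant metadata reads only."""
    findings = {"not_read_only": [], "data_read": [], "duplicate": []}
    seen = set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings["not_read_only"].append("NotAction")
        for action in _as_list(stmt.get("Action", [])):
            key = action.lower()  # IAM action names are case-insensitive
            if key in seen:
                findings["duplicate"].append(action)
                continue
            seen.add(key)
            _, _, name = key.partition(":")
            if not name.startswith(READ_VERBS):
                findings["not_read_only"].append(action)
            elif any(fnmatch.fnmatchcase(d.lower(), key) for d in DATA_READS):
                findings["data_read"].append(action)
    return findings


# Constructed sample: a custom policy that mixes entries from the suggested
# policy with broader grants a reviewer would want to catch.
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": ["ec2:Describe*", "s3:List*", "s3:GetBucketTagging", "apigateway:GET",
             "eks:ListClusters", "eks:ListClusters", "s3:Get*", "dynamodb:*",
             "sqs:ReceiveMessage"],
  "Resource": "*"}}"""

if __name__ == "__main__":
    for kind, actions in audit_policy(SAMPLE_POLICY).items():
        print(f"{kind}: {actions}")
```

An empty `not_read_only` and `data_read` result means the role can enumerate and describe resources but cannot modify them or read the listed kinds of stored content.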