Architecture Map

The Architecture Map is an interactive topology diagram that visualises your entire AWS infrastructure -- every resource, every connection, and every dependency -- in a single view. Rather than piecing together your architecture from multiple AWS console pages, the Architecture Map gives you a comprehensive, automatically generated diagram of how your environment is structured.

What the Architecture Map Shows

The Architecture Map renders your infrastructure as an interactive graph where:

  • Nodes represent individual AWS resources (EC2 instances, RDS databases, Lambda functions, S3 buckets, etc.)
  • Edges represent dependencies and relationships between resources (an EC2 instance attached to a security group, a Lambda function triggered by an SQS queue, etc.)
  • Groupings organise resources within their logical boundaries (VPCs, subnets, availability zones)

Each resource node displays its service icon, name, and type, making it easy to identify resources at a glance.

Layout and Organisation

The Architecture Map uses an intelligent multi-tier layout that organises resources from top to bottom based on their role in your architecture:

| Tier | Resource Types |
|---|---|
| Edge / Entry | CloudFront distributions, API Gateway, Route 53 hosted zones, load balancers |
| Compute | EC2 instances, ECS services, Lambda functions, App Runner services |
| Data | RDS databases, DynamoDB tables, ElastiCache clusters, OpenSearch domains |
| Storage | S3 buckets, EFS file systems, EBS volumes |
| Foundation | VPCs, subnets, security groups, IAM roles, KMS keys |

This tiered layout makes it intuitive to understand traffic flow from your users through your application tiers down to your data and storage layers.

VPC Grouping

When your environment has multiple VPCs, the Architecture Map groups resources within their respective VPC boundaries. This makes it easy to see which resources belong to which network boundary, and how traffic flows between VPCs.

Info: VPC grouping is automatically applied when your environment contains two or more VPCs. For single-VPC environments, resources are displayed in the standard tiered layout without an additional VPC boundary.

Interacting with the Map

The Architecture Map is fully interactive. You can:

  • Pan -- Click and drag to move around the diagram
  • Zoom -- Scroll to zoom in and out, or use the zoom controls
  • Fit to view -- Click the fit button to zoom the diagram to show all resources

Select Resources

  • Click a resource node to highlight it and its immediate connections
  • View resource details in the side panel, including configuration, tags, and associated findings
  • See incoming and outgoing dependencies highlighted on the graph
  • Search for specific resources by name, type, or ID
  • Filter by AWS service type to focus on specific parts of your infrastructure
  • Filter by region to view resources in a specific AWS region

Export

  • Export as PNG -- Download a high-resolution image of your architecture diagram for documentation, presentations, or compliance evidence
  • Share the diagram with team members by exporting and including it in architecture decision records or wiki pages

Tip: Exporting the Architecture Map is useful for architecture reviews, incident response documentation, and compliance audits where you need to demonstrate your infrastructure topology.

Understanding Relationships

The edges (connections) between resource nodes represent different types of relationships:

| Relationship | Description | Example |
|---|---|---|
| Manages | One resource manages or controls another | An Auto Scaling Group manages EC2 instances |
| Depends on | One resource requires another to function | A Lambda function depends on a DynamoDB table |
| Routes to | Network traffic flows from one resource to another | A load balancer routes to target group instances |
| Secures | A security resource protects another resource | A security group secures an EC2 instance |
| Stores in | A resource uses another for data storage | An application writes logs to an S3 bucket |

These relationships are automatically discovered during Guardian Pro's resource discovery scan. They are based on actual AWS resource configurations -- not inferred or manually defined.

Integration with Other Features

The Architecture Map is deeply connected to other Architecture Advisor capabilities:

Risk Overlay

Resources that have active architectural risks (from the Risk Radar) are visually indicated on the map. This lets you see at a glance which parts of your infrastructure have detected risks.

Failure Simulation

You can launch a Failure Simulation directly from the Architecture Map by selecting a resource and choosing "Simulate Failure." The cascade results overlay onto the map, showing the failure propagation path in context.

Findings

Resources with active security or cost findings are indicated on the map. Clicking on a flagged resource shows its associated findings and links directly to the Action Centre for remediation.

Common Use Cases

Architecture Documentation

Use the Architecture Map as living documentation of your infrastructure. Unlike manually maintained diagrams that go stale, the Architecture Map updates automatically with every scan.

Onboarding New Team Members

Give new engineers an immediate visual understanding of the infrastructure they will be working with. The tiered layout and VPC grouping make it easy to understand the overall structure.

Change Impact Analysis

Before making infrastructure changes, review the Architecture Map to understand which resources are connected to the component you plan to modify. This helps you anticipate the impact of changes and plan accordingly.

Incident Investigation

During incidents, the Architecture Map helps you quickly understand the topology around the affected resource, identify upstream and downstream dependencies, and assess the potential blast radius.
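
The upstream and downstream reasoning described under Change Impact Analysis and Incident Investigation can also be worked through offline on a list of typed edges. The sketch below is an added example, not Guardian Pro code or its export format: the edge-list shape, the resource names, and the direction in which each relationship type propagates a failure are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample edges (source, relationship, target); names are hypothetical.
EDGES = [
    ("alb-web", "routes_to", "ec2-app-1"),
    ("alb-web", "routes_to", "ec2-app-2"),
    ("asg-app", "manages", "ec2-app-1"),
    ("asg-app", "manages", "ec2-app-2"),
    ("sg-app", "secures", "ec2-app-1"),
    ("ec2-app-1", "depends_on", "rds-orders"),
    ("ec2-app-2", "depends_on", "rds-orders"),
    ("lambda-report", "depends_on", "rds-orders"),
    ("lambda-report", "stores_in", "s3-reports"),
]
# Assumption: the source needs the target, so a target failure hits the source.
NEEDS = {"depends_on", "stores_in", "routes_to"}
# Assumption: the source governs the target, so a source failure hits the target.
CONTROLS = {"manages", "secures"}

def impact_graph(edges):
    """Map each resource to the resources directly affected if it fails."""
    graph = defaultdict(set)
    for source, relation, target in edges:
        if relation in NEEDS:
            graph[target].add(source)
        elif relation in CONTROLS:
            graph[source].add(target)
        else:
            raise ValueError(f"unknown relationship type: {relation}")
    return graph

def _reach(graph, start):
    """Breadth-first search returning {resource: hops}; safe on cycles."""
    hops, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    del hops[start]
    return hops

def blast_radius(edges, failed):
    """Downstream view: resources potentially affected if `failed` goes down."""
    return _reach(impact_graph(edges), failed)

def upstream_of(edges, resource):
    """Upstream view: resources whose failure could reach `resource`."""
    reverse = defaultdict(set)
    for node, affected in impact_graph(edges).items():
        for a in affected:
            reverse[a].add(node)
    return _reach(reverse, resource)
```

The hop count gives a rough triage order: resources at distance 1 are the first to check during an incident or before a change.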

Compliance Evidence

Many compliance frameworks require documentation of your infrastructure architecture. The Architecture Map export provides up-to-date evidence of your topology.

Note: The Architecture Map is generated from the most recent resource discovery scan. If your infrastructure has changed since the last scan, trigger a new scan from the Dashboard to update the map.

Large Environment Considerations

For environments with a large number of resources, the Architecture Map provides several features to maintain usability:

  • Automatic layout optimisation arranges resources to minimise visual clutter and overlapping edges
  • Progressive rendering ensures the map remains responsive even with hundreds of resources
  • Filtering allows you to focus on specific services, regions, or resource types to reduce visual complexity
  • Zoom and pan let you navigate to specific areas of interest

Tip: For very large environments, start by filtering to a specific VPC or service type, then gradually expand your view. This makes it easier to understand individual sections of your architecture before seeing the full picture.

Next Steps

  • Failure Simulator -- Select a resource on the map and simulate its failure.
  • Risk Radar -- Understand the risks overlaid on the map.
  • Resource Explorer -- Browse your resources in a tabular format with detailed configuration data.
  • Growth Readiness -- Assess whether your architecture is ready for scaling.